From 7ffb2c85a9fe0dc9d57c1f764cc9325d20fe3fa2 Mon Sep 17 00:00:00 2001 From: Titouan-joseph Cicorella Date: Sat, 31 Aug 2024 04:55:14 +0200 Subject: [PATCH 1/5] feat: Remove prefix_list_ids attribute from _with_cidr_blocks & specific prefix list for each rules on _with_prefix_list_ids (#325) --- examples/complete/main.tf | 2 +- main.tf | 65 ++++++++++++++++++++++++++++++++++----- 2 files changed, 58 insertions(+), 9 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 049f4897..5e26fa45 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -427,7 +427,7 @@ module "prefix_list" { vpc_id = data.aws_vpc.default.id ingress_prefix_list_ids = [data.aws_prefix_list.s3.id, data.aws_prefix_list.dynamodb.id] - ingress_with_cidr_blocks = [ + ingress_with_prefix_list_ids = [ { from_port = 9100 to_port = 9100 diff --git a/main.tf b/main.tf index 170720b6..6e9eede1 100644 --- a/main.tf +++ b/main.tf @@ -202,7 +202,7 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" { join(",", var.ingress_cidr_blocks), ), )) - prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( var.ingress_with_cidr_blocks[count.index], "description", @@ -214,11 +214,13 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" { "from_port", var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")][0], ) + to_port = lookup( var.ingress_with_cidr_blocks[count.index], "to_port", var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")][1], ) + protocol = lookup( var.ingress_with_cidr_blocks[count.index], "protocol", @@ -241,7 +243,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" { join(",", var.ingress_cidr_blocks), ), )) - prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( var.computed_ingress_with_cidr_blocks[count.index], "description", 
@@ -257,6 +259,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" { "_", )][0], ) + to_port = lookup( var.computed_ingress_with_cidr_blocks[count.index], "to_port", @@ -266,6 +269,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" { "_", )][1], ) + protocol = lookup( var.computed_ingress_with_cidr_blocks[count.index], "protocol", @@ -437,7 +441,15 @@ resource "aws_security_group_rule" "ingress_with_prefix_list_ids" { security_group_id = local.this_sg_id type = "ingress" - prefix_list_ids = var.ingress_prefix_list_ids + prefix_list_ids = compact(split( + ",", + lookup( + var.ingress_with_prefix_list_ids[count.index], + "prefix_list_ids", + join(",", var.ingress_prefix_list_ids) + ) + )) + description = lookup( var.ingress_with_prefix_list_ids[count.index], "description", @@ -449,11 +461,13 @@ resource "aws_security_group_rule" "ingress_with_prefix_list_ids" { "from_port", var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0], ) + to_port = lookup( var.ingress_with_prefix_list_ids[count.index], "to_port", var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1], ) + protocol = lookup( var.ingress_with_prefix_list_ids[count.index], "protocol", @@ -468,7 +482,15 @@ resource "aws_security_group_rule" "computed_ingress_with_prefix_list_ids" { security_group_id = local.this_sg_id type = "ingress" - prefix_list_ids = var.ingress_prefix_list_ids + prefix_list_ids = compact(split( + ",", + lookup( + var.ingress_with_prefix_list_ids[count.index], + "prefix_list_ids", + join(",", var.ingress_prefix_list_ids) + ) + )) + description = lookup( var.ingress_with_prefix_list_ids[count.index], "description", 
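Review bot: In the `ingress_with_prefix_list_ids` hunk (-437) the new `lookup(...)` falls back to `join(",", var.ingress_prefix_list_ids)` when a rule map has no `prefix_list_ids` key, so a rule written without that key is opened to every module-wide prefix list rather than to none. That default deserves a comment above the attribute, for example `# Per-rule "prefix_list_ids" is a comma-separated string; when the key is absent the rule uses all of var.ingress_prefix_list_ids`. The value is also split on `,` without trimming, and `compact` drops only empty strings, so a constructed input such as `"pl-a, pl-b"` would hand the provider an ID with a leading space. Wrapping the split as `compact([for id in split(",", lookup(...)) : trimspace(id)])` avoids that, assuming the module's minimum Terraform version supports `for` expressions. The same expression is repeated in the hunks at -468, -875 and -919, and the resource body starts and ends outside this hunk.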
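Review bot: The added `prefix_list_ids` lookup in `computed_ingress_with_prefix_list_ids` (hunk at -468) reads `var.ingress_with_prefix_list_ids[count.index]`, whereas the `computed_egress_with_prefix_list_ids` hunk at -919 reads its own `var.computed_egress_with_prefix_list_ids[count.index]`. The context lines for `description` here, and for `from_port`/`to_port`/`protocol` in the following hunk at -480, index the same non-computed variable, so this looks inherited rather than newly introduced. The effect is that a computed ingress rule takes its prefix lists from whichever static rule sits at the same index, or fails if that list is shorter. The `count` expression is outside the hunk, so confirm which list sizes it; if it is the computed one, the lookup should presumably read `var.computed_ingress_with_prefix_list_ids[count.index]`.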
@@ -480,11 +502,13 @@ resource "aws_security_group_rule" "computed_ingress_with_prefix_list_ids" { "from_port", var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0], ) + to_port = lookup( var.ingress_with_prefix_list_ids[count.index], "to_port", var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1], ) + protocol = lookup( var.ingress_with_prefix_list_ids[count.index], "protocol", @@ -639,7 +663,7 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" { join(",", var.egress_cidr_blocks), ), )) - prefix_list_ids = var.egress_prefix_list_ids + description = lookup( var.egress_with_cidr_blocks[count.index], "description", @@ -651,11 +675,13 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" { "from_port", var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")][0], ) + to_port = lookup( var.egress_with_cidr_blocks[count.index], "to_port", var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")][1], ) + protocol = lookup( var.egress_with_cidr_blocks[count.index], "protocol", @@ -678,7 +704,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" { join(",", var.egress_cidr_blocks), ), )) - prefix_list_ids = var.egress_prefix_list_ids + description = lookup( var.computed_egress_with_cidr_blocks[count.index], "description", @@ -694,6 +720,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" { "_", )][0], ) + to_port = lookup( var.computed_egress_with_cidr_blocks[count.index], "to_port", @@ -703,6 +730,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" { "_", )][1], ) + protocol = lookup( var.computed_egress_with_cidr_blocks[count.index], "protocol", 
@@ -875,7 +903,15 @@ resource "aws_security_group_rule" "egress_with_prefix_list_ids" { security_group_id = local.this_sg_id type = "egress" - prefix_list_ids = var.egress_prefix_list_ids + prefix_list_ids = compact(split( + ",", + lookup( + var.egress_with_prefix_list_ids[count.index], + "prefix_list_ids", + join(",", var.egress_prefix_list_ids) + )) + ) + description = lookup( var.egress_with_prefix_list_ids[count.index], "description", @@ -891,6 +927,7 @@ resource "aws_security_group_rule" "egress_with_prefix_list_ids" { "_", )][0], ) + to_port = lookup( var.egress_with_prefix_list_ids[count.index], "to_port", @@ -900,6 +937,7 @@ resource "aws_security_group_rule" "egress_with_prefix_list_ids" { "_", )][1], ) + protocol = lookup( var.egress_with_prefix_list_ids[count.index], "protocol", @@ -919,7 +957,16 @@ resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" { type = "egress" source_security_group_id = var.computed_egress_with_prefix_list_ids[count.index]["source_security_group_id"] - prefix_list_ids = var.egress_prefix_list_ids + + prefix_list_ids = compact(split( + ",", + lookup( + var.computed_egress_with_prefix_list_ids[count.index], + "prefix_list_ids", + join(",", var.egress_prefix_list_ids) + ) + )) + description = lookup( var.computed_egress_with_prefix_list_ids[count.index], "description", @@ -935,6 +982,7 @@ resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" { "_", )][0], ) + to_port = lookup( var.computed_egress_with_prefix_list_ids[count.index], "to_port", @@ -944,6 +992,7 @@ resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" { "_", )][1], ) + protocol = lookup( var.computed_egress_with_prefix_list_ids[count.index], "protocol", From eb9fb97125c6fd9556287193150a628cdddf5c4d Mon Sep 17 00:00:00 2001 
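Review bot: The closing parentheses of the added `prefix_list_ids` expression in `egress_with_prefix_list_ids` (hunk at -875) are laid out as `))` followed by a lone `)`, while the three other copies of this expression (hunks at -437, -468 and -919) close `lookup` with `)` on its own line and then `))`. The expression evaluates the same, but the different layout hides which call each parenthesis closes and makes the four security-group rule resources harder to compare line by line. Closing it as `)` then `))` keeps them identical. The resource body starts and ends outside the hunk.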
From: semantic-release-bot Date: Sat, 31 Aug 2024 02:55:47 +0000 Subject: [PATCH 2/5] chore(release): version 5.2.0 [skip ci] ## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v5.1.2...v5.2.0) (2024-08-31) ### Features * Remove prefix_list_ids attribute from _with_cidr_blocks & specific prefix list for each rules on _with_prefix_list_ids ([#325](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/325)) ([7ffb2c8](https://github.com/terraform-aws-modules/terraform-aws-security-group/commit/7ffb2c85a9fe0dc9d57c1f764cc9325d20fe3fa2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4103fd11..9d4071ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v5.1.2...v5.2.0) (2024-08-31) + + +### Features + +* Remove prefix_list_ids attribute from _with_cidr_blocks & specific prefix list for each rules on _with_prefix_list_ids ([#325](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/325)) ([7ffb2c8](https://github.com/terraform-aws-modules/terraform-aws-security-group/commit/7ffb2c85a9fe0dc9d57c1f764cc9325d20fe3fa2)) + ## [5.1.2](https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v5.1.1...v5.1.2) (2024-03-12) From 43798eab255616bd23ef4140f50252d585c9c51b Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Fri, 11 Oct 2024 17:25:54 +0000 Subject: [PATCH 3/5] fix: Update CI workflow versions to latest (#329) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 16 ++++++++-------- .pre-commit-config.yaml | 4 ++-- README.md | 12 ++++++------ examples/complete/README.md | 4 ++-- examples/computed/README.md | 4 ++-- examples/disabled/README.md | 4 ++-- examples/dynamic/README.md | 4 ++-- examples/http/README.md | 4 ++-- examples/rules-only/README.md | 4 ++-- modules/activemq/README.md | 18 +++++++++--------- modules/alertmanager/README.md | 18 +++++++++--------- modules/carbon-relay-ng/README.md | 18 +++++++++--------- modules/cassandra/README.md | 18 +++++++++--------- modules/consul/README.md | 18 +++++++++--------- modules/dax-cluster/README.md | 18 +++++++++--------- modules/docker-swarm/README.md | 18 +++++++++--------- modules/elasticsearch/README.md | 18 +++++++++--------- modules/etcd/README.md | 18 +++++++++--------- modules/grafana/README.md | 18 +++++++++--------- modules/graphite-statsd/README.md | 18 +++++++++--------- modules/http-80/README.md | 18 +++++++++--------- modules/http-8080/README.md | 18 +++++++++--------- modules/https-443/README.md | 18 +++++++++--------- modules/https-8443/README.md | 18 +++++++++--------- modules/ipsec-4500/README.md | 18 +++++++++--------- modules/ipsec-500/README.md | 18 +++++++++--------- modules/kafka/README.md | 18 +++++++++--------- modules/kibana/README.md | 18 +++++++++--------- modules/kubernetes-api/README.md | 18 +++++++++--------- modules/ldap/README.md | 18 +++++++++--------- modules/ldaps/README.md | 18 +++++++++--------- modules/logstash/README.md | 18 +++++++++--------- modules/loki/README.md | 18 +++++++++--------- modules/memcached/README.md | 18 +++++++++--------- modules/minio/README.md | 18 +++++++++--------- modules/mongodb/README.md | 18 +++++++++--------- modules/mssql/README.md | 18 +++++++++--------- modules/mysql/README.md | 18 +++++++++--------- 
modules/nfs/README.md | 18 +++++++++--------- modules/nomad/README.md | 18 +++++++++--------- modules/ntp/README.md | 18 +++++++++--------- modules/openvpn/README.md | 18 +++++++++--------- modules/oracle-db/README.md | 18 +++++++++--------- modules/postgresql/README.md | 18 +++++++++--------- modules/prometheus/README.md | 18 +++++++++--------- modules/promtail/README.md | 18 +++++++++--------- modules/puppet/README.md | 18 +++++++++--------- modules/rabbitmq/README.md | 18 +++++++++--------- modules/rdp/README.md | 18 +++++++++--------- modules/redis/README.md | 18 +++++++++--------- modules/redshift/README.md | 18 +++++++++--------- modules/smtp-submission/README.md | 18 +++++++++--------- modules/smtp/README.md | 18 +++++++++--------- modules/smtps/README.md | 18 +++++++++--------- modules/solr/README.md | 18 +++++++++--------- modules/splunk/README.md | 18 +++++++++--------- modules/squid/README.md | 18 +++++++++--------- modules/ssh/README.md | 18 +++++++++--------- modules/storm/README.md | 18 +++++++++--------- modules/vault/README.md | 18 +++++++++--------- modules/wazuh/README.md | 18 +++++++++--------- modules/web/README.md | 18 +++++++++--------- modules/winrm/README.md | 18 +++++++++--------- modules/zabbix/README.md | 18 +++++++++--------- modules/zipkin/README.md | 18 +++++++++--------- modules/zookeeper/README.md | 18 +++++++++--------- 67 files changed, 542 insertions(+), 542 deletions(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 3973df44..1e50760e 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.4.0 + - uses: amannn/action-semantic-pull-request@v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: 
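Review bot: The updated `uses: amannn/action-semantic-pull-request@v5.5.3` line in `.github/workflows/pr-title.yml` still references the action by a tag, which the action's owner can move, and the step passes `GITHUB_TOKEN` to it through `env`. Pinning to the full commit SHA with the tag kept as a comment, e.g. `uses: amannn/action-semantic-pull-request@<full-commit-sha> # v5.5.3` (placeholder; take the SHA from the release), makes the reviewed code the code that runs. The same applies to the `clowdhaus/terraform-min-max@v1.3.1` and `clowdhaus/terraform-composite-actions/pre-commit@v1.11.1` lines in `.github/workflows/pre-commit.yml`. The job definition continues outside the hunk.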
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 6cd4b18f..23318bce 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.50.3 + TERRAFORM_DOCS_VERSION: v0.19.0 + TFLINT_VERSION: v0.53.0 jobs: collectInputs: @@ -45,14 +45,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -61,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -92,7 +92,7 @@ jobs: sudo apt-get -qq remove -y 'postgresql-.*' sudo apt-get -qq remove -y 'php.*' sudo apt-get -qq remove -y 'temurin-.*' - sudo apt-get -qq remove -y kubectl firefox powershell mono-devel + sudo apt-get -qq remove -y kubectl firefox mono-devel sudo apt-get -qq autoremove -y sudo apt-get -qq clean df -h 
@@ -105,14 +105,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 # Special to this repo, we don't want to check this dir - name: Hide template dir run: rm -rf modules/_templates - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index fd8599b8..8fbf9401 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.0 + rev: v1.96.1 hooks: - id: terraform_fmt - id: terraform_docs @@ -9,7 +9,7 @@ repos: - id: terraform_validate exclude: '^modules/_templates/[^/]+$' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v5.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index c781d2de..4b0d4492 100644 --- a/README.md +++ b/README.md @@ -154,7 +154,7 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu No issue is creating limit on this module. - + ## Requirements | Name | Version | @@ -207,7 +207,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [auto\_groups](#input\_auto\_groups) | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-grpc-tcp",
"consul-grpc-tcp-tls",
"consul-webui-http-tcp",
"consul-webui-https-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"dax-cluster": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"dax-cluster-unencrypted-tcp",
"dax-cluster-encrypted-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"etcd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"etcd-client-tcp",
"etcd-peer-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp",
"kafka-broker-tls-public-tcp",
"kafka-broker-sasl-scram-tcp",
"kafka-broker-sasl-scram-tcp",
"kafka-broker-sasl-iam-tcp",
"kafka-broker-sasl-iam-public-tcp",
"kafka-jmx-exporter-tcp",
"kafka-node-exporter-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldap": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldap-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"logstash": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"logstash-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"loki": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"loki-grafana",
"loki-grafana-grpc"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp",
"prometheus-node-exporter-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"promtail": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"promtail-http"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"smtp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"smtp-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"smtp-submission": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"smtp-submission-587-tcp",
"smtp-submission-2587-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"smtps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"smtps-465-tcp",
"smtps-2465-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"solr": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"solr-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-web-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"vault": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"vault-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"wazuh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"wazuh-server-agent-connection-tcp",
"wazuh-server-agent-connection-udp",
"wazuh-server-agent-enrollment",
"wazuh-server-agent-cluster-daemon",
"wazuh-server-syslog-collector-tcp",
"wazuh-server-syslog-collector-udp",
"wazuh-server-restful-api",
"wazuh-indexer-restful-api",
"wazuh-dashboard"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zabbix": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zabbix-server",
"zabbix-proxy",
"zabbix-agent"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2182-tls-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | +| [auto\_groups](#input\_auto\_groups) | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-grpc-tcp",
"consul-grpc-tcp-tls",
"consul-webui-http-tcp",
"consul-webui-https-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"dax-cluster": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"dax-cluster-unencrypted-tcp",
"dax-cluster-encrypted-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"etcd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"etcd-client-tcp",
"etcd-peer-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp",
"kafka-broker-tls-public-tcp",
"kafka-broker-sasl-scram-tcp",
"kafka-broker-sasl-scram-tcp",
"kafka-broker-sasl-iam-tcp",
"kafka-broker-sasl-iam-public-tcp",
"kafka-jmx-exporter-tcp",
"kafka-node-exporter-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldap": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldap-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"logstash": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"logstash-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"loki": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"loki-grafana",
"loki-grafana-grpc"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp",
"prometheus-node-exporter-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"promtail": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"promtail-http"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"smtp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"smtp-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"smtp-submission": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"smtp-submission-587-tcp",
"smtp-submission-2587-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"smtps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"smtps-465-tcp",
"smtps-2465-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"solr": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"solr-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-web-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"vault": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"vault-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"wazuh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"wazuh-server-agent-connection-tcp",
"wazuh-server-agent-connection-udp",
"wazuh-server-agent-enrollment",
"wazuh-server-agent-cluster-daemon",
"wazuh-server-syslog-collector-tcp",
"wazuh-server-syslog-collector-udp",
"wazuh-server-restful-api",
"wazuh-indexer-restful-api",
"wazuh-dashboard"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zabbix": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zabbix-server",
"zabbix-proxy",
"zabbix-agent"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2182-tls-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | | [computed\_egress\_with\_ipv6\_cidr\_blocks](#input\_computed\_egress\_with\_ipv6\_cidr\_blocks) | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -225,8 +225,8 @@ No modules. | [create\_timeout](#input\_create\_timeout) | Time to wait for a security group to be created | `string` | `"10m"` | no | | [delete\_timeout](#input\_delete\_timeout) | Time to wait for a security group to be deleted | `string` | `"15m"` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -258,7 +258,7 @@ No modules. | [number\_of\_computed\_ingress\_with\_source\_security\_group\_id](#input\_number\_of\_computed\_ingress\_with\_source\_security\_group\_id) | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | | [revoke\_rules\_on\_delete](#input\_revoke\_rules\_on\_delete) | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | -| [rules](#input\_rules) | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-grpc-tcp": [
8502,
8502,
"tcp",
"Consul gRPC"
],
"consul-grpc-tcp-tls": [
8503,
8503,
"tcp",
"Consul gRPC TLS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-http-tcp": [
8500,
8500,
"tcp",
"Consul web UI HTTP"
],
"consul-webui-https-tcp": [
8501,
8501,
"tcp",
"Consul web UI HTTPS"
],
"dax-cluster-encrypted-tcp": [
9111,
9111,
"tcp",
"DAX Cluster encrypted"
],
"dax-cluster-unencrypted-tcp": [
8111,
8111,
"tcp",
"DAX Cluster unencrypted"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"etcd-client-tcp": [
2379,
2379,
"tcp",
"Etcd Client"
],
"etcd-peer-tcp": [
2380,
2380,
"tcp",
"Etcd Peer"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-sasl-iam-public-tcp": [
9198,
9198,
"tcp",
"Kafka SASL/IAM Public access control enabled (MSK specific)"
],
"kafka-broker-sasl-iam-tcp": [
9098,
9098,
"tcp",
"Kafka SASL/IAM access control enabled (MSK specific)"
],
"kafka-broker-sasl-scram-public-tcp": [
9196,
9196,
"tcp",
"Kafka SASL/SCRAM Public enabled broker (MSK specific)"
],
"kafka-broker-sasl-scram-tcp": [
9096,
9096,
"tcp",
"Kafka SASL/SCRAM enabled broker (MSK specific)"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka PLAINTEXT enable broker 0.8.2+"
],
"kafka-broker-tls-public-tcp": [
9194,
9194,
"tcp",
"Kafka TLS Public enabled broker 0.8.2+ (MSK specific)"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kafka-jmx-exporter-tcp": [
11001,
11001,
"tcp",
"Kafka JMX Exporter"
],
"kafka-node-exporter-tcp": [
11002,
11002,
"tcp",
"Kafka Node Exporter"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldap-tcp": [
389,
389,
"tcp",
"LDAP"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"logstash-tcp": [
5044,
5044,
"tcp",
"Logstash"
],
"loki-grafana": [
3100,
3100,
"tcp",
"Grafana Loki endpoint"
],
"loki-grafana-grpc": [
9095,
9095,
"tcp",
"Grafana Loki GRPC"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"octopus-tentacle-tcp": [
10933,
10933,
"tcp",
"Octopus Tentacle"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-node-exporter-http-tcp": [
9100,
9100,
"tcp",
"Prometheus Node Exporter"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"promtail-http": [
9080,
9080,
"tcp",
"Promtail endpoint"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"saltstack-tcp": [
4505,
4506,
"tcp",
"SaltStack"
],
"smtp-submission-2587-tcp": [
2587,
2587,
"tcp",
"SMTP Submission"
],
"smtp-submission-587-tcp": [
587,
587,
"tcp",
"SMTP Submission"
],
"smtp-tcp": [
25,
25,
"tcp",
"SMTP"
],
"smtps-2456-tcp": [
2465,
2465,
"tcp",
"SMTPS"
],
"smtps-465-tcp": [
465,
465,
"tcp",
"SMTPS"
],
"solr-tcp": [
8983,
8987,
"tcp",
"Solr"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"vault-tcp": [
8200,
8200,
"tcp",
"Vault"
],
"wazuh-dashboard": [
443,
443,
"tcp",
"Wazuh web user interface"
],
"wazuh-indexer-restful-api": [
9200,
9200,
"tcp",
"Wazuh indexer RESTful API"
],
"wazuh-server-agent-cluster-daemon": [
1516,
1516,
"tcp",
"Wazuh cluster daemon"
],
"wazuh-server-agent-connection-tcp": [
1514,
1514,
"tcp",
"Agent connection service(TCP)"
],
"wazuh-server-agent-connection-udp": [
1514,
1514,
"udp",
"Agent connection service(UDP)"
],
"wazuh-server-agent-enrollment": [
1515,
1515,
"tcp",
"Agent enrollment service"
],
"wazuh-server-restful-api": [
55000,
55000,
"tcp",
"Wazuh server RESTful API"
],
"wazuh-server-syslog-collector-tcp": [
514,
514,
"tcp",
"Wazuh Syslog collector(TCP)"
],
"wazuh-server-syslog-collector-udp": [
514,
514,
"udp",
"Wazuh Syslog collector(UDP)"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zabbix-agent": [
10050,
10050,
"tcp",
"Zabbix Agent"
],
"zabbix-proxy": [
10051,
10051,
"tcp",
"Zabbix Proxy"
],
"zabbix-server": [
10051,
10051,
"tcp",
"Zabbix Server"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2182-tls-tcp": [
2182,
2182,
"tcp",
"Zookeeper TLS (MSK specific)"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no | +| [rules](#input\_rules) | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-grpc-tcp": [
8502,
8502,
"tcp",
"Consul gRPC"
],
"consul-grpc-tcp-tls": [
8503,
8503,
"tcp",
"Consul gRPC TLS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-http-tcp": [
8500,
8500,
"tcp",
"Consul web UI HTTP"
],
"consul-webui-https-tcp": [
8501,
8501,
"tcp",
"Consul web UI HTTPS"
],
"dax-cluster-encrypted-tcp": [
9111,
9111,
"tcp",
"DAX Cluster encrypted"
],
"dax-cluster-unencrypted-tcp": [
8111,
8111,
"tcp",
"DAX Cluster unencrypted"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"etcd-client-tcp": [
2379,
2379,
"tcp",
"Etcd Client"
],
"etcd-peer-tcp": [
2380,
2380,
"tcp",
"Etcd Peer"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-sasl-iam-public-tcp": [
9198,
9198,
"tcp",
"Kafka SASL/IAM Public access control enabled (MSK specific)"
],
"kafka-broker-sasl-iam-tcp": [
9098,
9098,
"tcp",
"Kafka SASL/IAM access control enabled (MSK specific)"
],
"kafka-broker-sasl-scram-public-tcp": [
9196,
9196,
"tcp",
"Kafka SASL/SCRAM Public enabled broker (MSK specific)"
],
"kafka-broker-sasl-scram-tcp": [
9096,
9096,
"tcp",
"Kafka SASL/SCRAM enabled broker (MSK specific)"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka PLAINTEXT enable broker 0.8.2+"
],
"kafka-broker-tls-public-tcp": [
9194,
9194,
"tcp",
"Kafka TLS Public enabled broker 0.8.2+ (MSK specific)"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kafka-jmx-exporter-tcp": [
11001,
11001,
"tcp",
"Kafka JMX Exporter"
],
"kafka-node-exporter-tcp": [
11002,
11002,
"tcp",
"Kafka Node Exporter"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldap-tcp": [
389,
389,
"tcp",
"LDAP"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"logstash-tcp": [
5044,
5044,
"tcp",
"Logstash"
],
"loki-grafana": [
3100,
3100,
"tcp",
"Grafana Loki endpoint"
],
"loki-grafana-grpc": [
9095,
9095,
"tcp",
"Grafana Loki GRPC"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"octopus-tentacle-tcp": [
10933,
10933,
"tcp",
"Octopus Tentacle"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-node-exporter-http-tcp": [
9100,
9100,
"tcp",
"Prometheus Node Exporter"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"promtail-http": [
9080,
9080,
"tcp",
"Promtail endpoint"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"saltstack-tcp": [
4505,
4506,
"tcp",
"SaltStack"
],
"smtp-submission-2587-tcp": [
2587,
2587,
"tcp",
"SMTP Submission"
],
"smtp-submission-587-tcp": [
587,
587,
"tcp",
"SMTP Submission"
],
"smtp-tcp": [
25,
25,
"tcp",
"SMTP"
],
"smtps-2456-tcp": [
2465,
2465,
"tcp",
"SMTPS"
],
"smtps-465-tcp": [
465,
465,
"tcp",
"SMTPS"
],
"solr-tcp": [
8983,
8987,
"tcp",
"Solr"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"vault-tcp": [
8200,
8200,
"tcp",
"Vault"
],
"wazuh-dashboard": [
443,
443,
"tcp",
"Wazuh web user interface"
],
"wazuh-indexer-restful-api": [
9200,
9200,
"tcp",
"Wazuh indexer RESTful API"
],
"wazuh-server-agent-cluster-daemon": [
1516,
1516,
"tcp",
"Wazuh cluster daemon"
],
"wazuh-server-agent-connection-tcp": [
1514,
1514,
"tcp",
"Agent connection service(TCP)"
],
"wazuh-server-agent-connection-udp": [
1514,
1514,
"udp",
"Agent connection service(UDP)"
],
"wazuh-server-agent-enrollment": [
1515,
1515,
"tcp",
"Agent enrollment service"
],
"wazuh-server-restful-api": [
55000,
55000,
"tcp",
"Wazuh server RESTful API"
],
"wazuh-server-syslog-collector-tcp": [
514,
514,
"tcp",
"Wazuh Syslog collector(TCP)"
],
"wazuh-server-syslog-collector-udp": [
514,
514,
"udp",
"Wazuh Syslog collector(UDP)"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zabbix-agent": [
10050,
10050,
"tcp",
"Zabbix Agent"
],
"zabbix-proxy": [
10051,
10051,
"tcp",
"Zabbix Proxy"
],
"zabbix-server": [
10051,
10051,
"tcp",
"Zabbix Server"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2182-tls-tcp": [
2182,
2182,
"tcp",
"Zookeeper TLS (MSK specific)"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no | | [security\_group\_id](#input\_security\_group\_id) | ID of existing security group whose rules we will manage | `string` | `null` | no | | [tags](#input\_tags) | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | [use\_name\_prefix](#input\_use\_name\_prefix) | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | @@ -274,7 +274,7 @@ No modules. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + ## Authors diff --git a/examples/complete/README.md b/examples/complete/README.md index 44a2e89b..2ca9c0ae 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -67,4 +67,4 @@ No inputs. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/examples/computed/README.md b/examples/computed/README.md index 6ef21582..d73af4f3 100644 --- a/examples/computed/README.md +++ b/examples/computed/README.md @@ -14,7 +14,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | 
@@ -56,4 +56,4 @@ No inputs. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/examples/disabled/README.md b/examples/disabled/README.md index 7dc6bcf3..8a13e024 100644 --- a/examples/disabled/README.md +++ b/examples/disabled/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -54,4 +54,4 @@ No inputs. |------|-------------| | [security\_group\_arn](#output\_security\_group\_arn) | The ARN of the security group | | [security\_group\_id](#output\_security\_group\_id) | The ID of the security group | - + diff --git a/examples/dynamic/README.md b/examples/dynamic/README.md index ef367484..1c34c9f1 100644 --- a/examples/dynamic/README.md +++ b/examples/dynamic/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -57,4 +57,4 @@ No inputs. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/examples/http/README.md b/examples/http/README.md index 54281f35..d97582b0 100644 --- a/examples/http/README.md +++ b/examples/http/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | 
@@ -63,4 +63,4 @@ No inputs. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/examples/rules-only/README.md b/examples/rules-only/README.md index 44e57d16..553bde80 100644 --- a/examples/rules-only/README.md +++ b/examples/rules-only/README.md @@ -16,7 +16,7 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -58,4 +58,4 @@ No inputs. | [service\_one\_security\_group\_id](#output\_service\_one\_security\_group\_id) | The ID of the security group for service one | | [service\_tow\_security\_group\_arn](#output\_service\_tow\_security\_group\_arn) | The ARN of the security group for service two | | [service\_two\_security\_group\_id](#output\_service\_two\_security\_group\_id) | The ID of the security group for service two | - + diff --git a/modules/activemq/README.md b/modules/activemq/README.md index f82c302d..5ae62912 100644 --- a/modules/activemq/README.md +++ b/modules/activemq/README.md @@ -13,7 +13,7 @@ module "activemq_security_group" { All automatic values **activemq module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/activemq/auto_values.tf). - + ## Requirements | Name | Version | 
@@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/alertmanager/README.md b/modules/alertmanager/README.md index 4a37c34e..a7b021c3 100644 --- a/modules/alertmanager/README.md +++ b/modules/alertmanager/README.md @@ -13,7 +13,7 @@ module "alertmanager_security_group" { All automatic values **alertmanager module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/alertmanager/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/carbon-relay-ng/README.md b/modules/carbon-relay-ng/README.md index 6e6fb9f0..5b88860f 100644 --- a/modules/carbon-relay-ng/README.md +++ b/modules/carbon-relay-ng/README.md @@ -13,7 +13,7 @@ module "carbon_relay-ng_security_group" { All automatic values **carbon-relay-ng module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/carbon-relay-ng/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/cassandra/README.md b/modules/cassandra/README.md index dfdd4a03..d894e557 100644 --- a/modules/cassandra/README.md +++ b/modules/cassandra/README.md @@ -13,7 +13,7 @@ module "cassandra_security_group" { All automatic values **cassandra module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/cassandra/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/consul/README.md b/modules/consul/README.md index 1368f764..3b17ce09 100644 --- a/modules/consul/README.md +++ b/modules/consul/README.md @@ -13,7 +13,7 @@ module "consul_security_group" { All automatic values **consul module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/consul/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"consul-tcp",
"consul-grpc-tcp",
"consul-grpc-tcp-tls",
"consul-webui-http-tcp",
"consul-webui-https-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"consul-tcp",
"consul-grpc-tcp",
"consul-grpc-tcp-tls",
"consul-webui-http-tcp",
"consul-webui-https-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/dax-cluster/README.md b/modules/dax-cluster/README.md index 6ead1ced..874ec1a5 100644 --- a/modules/dax-cluster/README.md +++ b/modules/dax-cluster/README.md @@ -13,7 +13,7 @@ module "dax_cluster_security_group" { All automatic values **dax-cluster module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/dax-cluster/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"dax-cluster-unencrypted-tcp",
"dax-cluster-encrypted-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"dax-cluster-unencrypted-tcp",
"dax-cluster-encrypted-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/docker-swarm/README.md b/modules/docker-swarm/README.md index 9a68ac71..799cd2b9 100644 --- a/modules/docker-swarm/README.md +++ b/modules/docker-swarm/README.md @@ -13,7 +13,7 @@ module "docker_swarm_security_group" { All automatic values **docker-swarm module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/docker-swarm/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/elasticsearch/README.md b/modules/elasticsearch/README.md index 4a40cd6e..6b7f43dd 100644 --- a/modules/elasticsearch/README.md +++ b/modules/elasticsearch/README.md @@ -13,7 +13,7 @@ module "elasticsearch_security_group" { All automatic values **elasticsearch module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/elasticsearch/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/etcd/README.md b/modules/etcd/README.md index 6a3195ad..38c7e069 100644 --- a/modules/etcd/README.md +++ b/modules/etcd/README.md @@ -13,7 +13,7 @@ module "etcd_security_group" { All automatic values **etcd module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/etcd/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"etcd-client-tcp",
"etcd-peer-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"etcd-client-tcp",
"etcd-peer-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/grafana/README.md b/modules/grafana/README.md index 80bbb70d..678acb49 100644 --- a/modules/grafana/README.md +++ b/modules/grafana/README.md @@ -13,7 +13,7 @@ module "grafana_security_group" { All automatic values **grafana module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/grafana/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"grafana-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"grafana-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/graphite-statsd/README.md b/modules/graphite-statsd/README.md index 938693ea..7e5624cd 100644 --- a/modules/graphite-statsd/README.md +++ b/modules/graphite-statsd/README.md @@ -13,7 +13,7 @@ module "graphite_statsd_security_group" { All automatic values **graphite-statsd module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/graphite-statsd/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/http-80/README.md b/modules/http-80/README.md index 5102ff91..85a896fd 100644 --- a/modules/http-80/README.md +++ b/modules/http-80/README.md @@ -13,7 +13,7 @@ module "http_80_security_group" { All automatic values **http-80 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/http-80/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"http-80-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"http-80-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/http-8080/README.md b/modules/http-8080/README.md index 4f8fbb71..6c350305 100644 --- a/modules/http-8080/README.md +++ b/modules/http-8080/README.md @@ -13,7 +13,7 @@ module "http_8080_security_group" { All automatic values **http-8080 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/http-8080/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"http-8080-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"http-8080-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/https-443/README.md b/modules/https-443/README.md index a1200173..4abeb1ce 100644 --- a/modules/https-443/README.md +++ b/modules/https-443/README.md @@ -13,7 +13,7 @@ module "https_443_security_group" { All automatic values **https-443 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/https-443/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"https-443-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"https-443-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/https-8443/README.md b/modules/https-8443/README.md index cd5cfb8f..fcb8c4b3 100644 --- a/modules/https-8443/README.md +++ b/modules/https-8443/README.md @@ -13,7 +13,7 @@ module "https_8443_security_group" { All automatic values **https-8443 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/https-8443/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"https-8443-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"https-8443-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/ipsec-4500/README.md b/modules/ipsec-4500/README.md index 4d5c7612..e938f72c 100644 --- a/modules/ipsec-4500/README.md +++ b/modules/ipsec-4500/README.md @@ -13,7 +13,7 @@ module "ipsec_4500_security_group" { All automatic values **ipsec-4500 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ipsec-4500/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ipsec-4500-udp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ipsec-4500-udp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/ipsec-500/README.md b/modules/ipsec-500/README.md index 4552fd57..37a50e02 100644 --- a/modules/ipsec-500/README.md +++ b/modules/ipsec-500/README.md @@ -13,7 +13,7 @@ module "ipsec_500_security_group" { All automatic values **ipsec-500 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ipsec-500/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ipsec-500-udp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ipsec-500-udp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/kafka/README.md b/modules/kafka/README.md index ce9ccb2f..c0ba8024 100644 --- a/modules/kafka/README.md +++ b/modules/kafka/README.md @@ -13,7 +13,7 @@ module "kafka_security_group" { All automatic values **kafka module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/kafka/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"kafka-broker-tcp",
"kafka-broker-tls-tcp",
"kafka-broker-tls-public-tcp",
"kafka-broker-sasl-scram-tcp",
"kafka-broker-sasl-scram-tcp",
"kafka-broker-sasl-iam-tcp",
"kafka-broker-sasl-iam-public-tcp",
"kafka-jmx-exporter-tcp",
"kafka-node-exporter-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"kafka-broker-tcp",
"kafka-broker-tls-tcp",
"kafka-broker-tls-public-tcp",
"kafka-broker-sasl-scram-tcp",
"kafka-broker-sasl-scram-tcp",
"kafka-broker-sasl-iam-tcp",
"kafka-broker-sasl-iam-public-tcp",
"kafka-jmx-exporter-tcp",
"kafka-node-exporter-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/kibana/README.md b/modules/kibana/README.md index 79c02780..6a2b68dc 100644 --- a/modules/kibana/README.md +++ b/modules/kibana/README.md @@ -13,7 +13,7 @@ module "kibana_security_group" { All automatic values **kibana module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/kibana/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"kibana-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"kibana-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/kubernetes-api/README.md b/modules/kubernetes-api/README.md index b534dc0a..25f9d934 100644 --- a/modules/kubernetes-api/README.md +++ b/modules/kubernetes-api/README.md @@ -13,7 +13,7 @@ module "kubernetes_api_security_group" { All automatic values **kubernetes-api module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/kubernetes-api/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"kubernetes-api-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"kubernetes-api-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/ldap/README.md b/modules/ldap/README.md index 4db9c17e..362a30b3 100644 --- a/modules/ldap/README.md +++ b/modules/ldap/README.md @@ -13,7 +13,7 @@ module "ldap_security_group" { All automatic values **ldap module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ldap/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ldap-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ldap-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/ldaps/README.md b/modules/ldaps/README.md index eb1e44f2..0655ad05 100644 --- a/modules/ldaps/README.md +++ b/modules/ldaps/README.md @@ -13,7 +13,7 @@ module "ldaps_security_group" { All automatic values **ldaps module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ldaps/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ldaps-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ldaps-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/logstash/README.md b/modules/logstash/README.md index 3f8d9dea..c9f3d2b6 100644 --- a/modules/logstash/README.md +++ b/modules/logstash/README.md @@ -13,7 +13,7 @@ module "logstash_security_group" { All automatic values **logstash module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/logstash/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"logstash-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"logstash-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/loki/README.md b/modules/loki/README.md index 6bc6e3b8..3583b967 100644 --- a/modules/loki/README.md +++ b/modules/loki/README.md @@ -13,7 +13,7 @@ module "loki_security_group" { All automatic values **loki module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/loki/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"loki-grafana",
"loki-grafana-grpc"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"loki-grafana",
"loki-grafana-grpc"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/memcached/README.md b/modules/memcached/README.md index 4d8b2dec..fc39b004 100644 --- a/modules/memcached/README.md +++ b/modules/memcached/README.md @@ -13,7 +13,7 @@ module "memcached_security_group" { All automatic values **memcached module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/memcached/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"memcached-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"memcached-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/minio/README.md b/modules/minio/README.md index a96dde19..2c542957 100644 --- a/modules/minio/README.md +++ b/modules/minio/README.md @@ -13,7 +13,7 @@ module "minio_security_group" { All automatic values **minio module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/minio/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"minio-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"minio-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/mongodb/README.md b/modules/mongodb/README.md index 6f96cf27..40decfa1 100644 --- a/modules/mongodb/README.md +++ b/modules/mongodb/README.md @@ -13,7 +13,7 @@ module "mongodb_security_group" { All automatic values **mongodb module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/mongodb/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/mssql/README.md b/modules/mssql/README.md index a15ee16a..cce23f10 100644 --- a/modules/mssql/README.md +++ b/modules/mssql/README.md @@ -13,7 +13,7 @@ module "mssql_security_group" { All automatic values **mssql module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/mssql/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/mysql/README.md b/modules/mysql/README.md index 6b2a1e01..7d7b1586 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md @@ -13,7 +13,7 @@ module "mysql_security_group" { All automatic values **mysql module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/mysql/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"mysql-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"mysql-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/nfs/README.md b/modules/nfs/README.md index eba6272f..94f7489f 100644 --- a/modules/nfs/README.md +++ b/modules/nfs/README.md @@ -13,7 +13,7 @@ module "nfs_security_group" { All automatic values **nfs module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/nfs/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"nfs-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"nfs-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/nomad/README.md b/modules/nomad/README.md index a7a22160..89b59635 100644 --- a/modules/nomad/README.md +++ b/modules/nomad/README.md @@ -13,7 +13,7 @@ module "nomad_security_group" { All automatic values **nomad module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/nomad/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/ntp/README.md b/modules/ntp/README.md index 9eca5527..89b15ffd 100644 --- a/modules/ntp/README.md +++ b/modules/ntp/README.md @@ -13,7 +13,7 @@ module "ntp_security_group" { All automatic values **ntp module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ntp/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ntp-udp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ntp-udp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/openvpn/README.md b/modules/openvpn/README.md index 51d7a584..ee2b41d8 100644 --- a/modules/openvpn/README.md +++ b/modules/openvpn/README.md @@ -13,7 +13,7 @@ module "openvpn_security_group" { All automatic values **openvpn module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/openvpn/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/oracle-db/README.md b/modules/oracle-db/README.md index ea463e0c..97be5acc 100644 --- a/modules/oracle-db/README.md +++ b/modules/oracle-db/README.md @@ -13,7 +13,7 @@ module "oracle_db_security_group" { All automatic values **oracle-db module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/oracle-db/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"oracle-db-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"oracle-db-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index e7410e9f..cdba2df4 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md @@ -13,7 +13,7 @@ module "postgresql_security_group" { All automatic values **postgresql module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/postgresql/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"postgresql-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"postgresql-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/prometheus/README.md b/modules/prometheus/README.md index 3eea7878..d967c99b 100644 --- a/modules/prometheus/README.md +++ b/modules/prometheus/README.md @@ -13,7 +13,7 @@ module "prometheus_security_group" { All automatic values **prometheus module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/prometheus/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp",
"prometheus-node-exporter-http-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp",
"prometheus-node-exporter-http-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/promtail/README.md b/modules/promtail/README.md index d88f4618..68f93e30 100644 --- a/modules/promtail/README.md +++ b/modules/promtail/README.md @@ -13,7 +13,7 @@ module "promtail_security_group" { All automatic values **promtail module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/promtail/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"promtail-http"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"promtail-http"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/puppet/README.md b/modules/puppet/README.md index 2f9b8f85..9c5c9a27 100644 --- a/modules/puppet/README.md +++ b/modules/puppet/README.md @@ -13,7 +13,7 @@ module "puppet_security_group" { All automatic values **puppet module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/puppet/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"puppet-tcp",
"puppetdb-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"puppet-tcp",
"puppetdb-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/rabbitmq/README.md b/modules/rabbitmq/README.md index 81db819d..57ff2498 100644 --- a/modules/rabbitmq/README.md +++ b/modules/rabbitmq/README.md @@ -13,7 +13,7 @@ module "rabbitmq_security_group" { All automatic values **rabbitmq module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/rabbitmq/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/rdp/README.md b/modules/rdp/README.md index 38a842ca..f8aea9a4 100644 --- a/modules/rdp/README.md +++ b/modules/rdp/README.md @@ -13,7 +13,7 @@ module "rdp_security_group" { All automatic values **rdp module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/rdp/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"rdp-tcp",
"rdp-udp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"rdp-tcp",
"rdp-udp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/redis/README.md b/modules/redis/README.md index 5a9d74ad..9bf1293d 100644 --- a/modules/redis/README.md +++ b/modules/redis/README.md @@ -13,7 +13,7 @@ module "redis_security_group" { All automatic values **redis module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/redis/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"redis-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"redis-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/redshift/README.md b/modules/redshift/README.md index d2f97c9c..1f6cdd76 100644 --- a/modules/redshift/README.md +++ b/modules/redshift/README.md @@ -13,7 +13,7 @@ module "redshift_security_group" { All automatic values **redshift module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/redshift/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"redshift-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"redshift-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/smtp-submission/README.md b/modules/smtp-submission/README.md index ea9059a7..477fbf51 100644 --- a/modules/smtp-submission/README.md +++ b/modules/smtp-submission/README.md @@ -13,7 +13,7 @@ module "smtp_submission_security_group" { All automatic values **smtp-submission module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/smtp-submission/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"smtp-submission-587-tcp",
"smtp-submission-2587-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"smtp-submission-587-tcp",
"smtp-submission-2587-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/smtp/README.md b/modules/smtp/README.md index 9aaf9c7f..7afa632f 100644 --- a/modules/smtp/README.md +++ b/modules/smtp/README.md @@ -13,7 +13,7 @@ module "smtp_security_group" { All automatic values **smtp module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/smtp/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"smtp-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"smtp-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/smtps/README.md b/modules/smtps/README.md index 899da7c5..316e3b9d 100644 --- a/modules/smtps/README.md +++ b/modules/smtps/README.md @@ -13,7 +13,7 @@ module "smtps_security_group" { All automatic values **smtps module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/smtps/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"smtps-465-tcp",
"smtps-2465-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"smtps-465-tcp",
"smtps-2465-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/solr/README.md b/modules/solr/README.md index 5c4a5b36..6365ef88 100644 --- a/modules/solr/README.md +++ b/modules/solr/README.md @@ -13,7 +13,7 @@ module "solr_security_group" { All automatic values **solr module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/solr/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"solr-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"solr-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/splunk/README.md b/modules/splunk/README.md index e1c2afee..87479223 100644 --- a/modules/splunk/README.md +++ b/modules/splunk/README.md @@ -13,7 +13,7 @@ module "splunk_security_group" { All automatic values **splunk module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/splunk/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"splunk-indexer-tcp",
"splunk-web-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"splunk-indexer-tcp",
"splunk-web-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/squid/README.md b/modules/squid/README.md index 14f32d60..fe6d7f1e 100644 --- a/modules/squid/README.md +++ b/modules/squid/README.md @@ -13,7 +13,7 @@ module "squid_security_group" { All automatic values **squid module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/squid/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"squid-proxy-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"squid-proxy-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/ssh/README.md b/modules/ssh/README.md index 6a365b2f..27031304 100644 --- a/modules/ssh/README.md +++ b/modules/ssh/README.md @@ -13,7 +13,7 @@ module "ssh_security_group" { All automatic values **ssh module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ssh/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ssh-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"ssh-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/storm/README.md b/modules/storm/README.md index 8b414784..0baae3b7 100644 --- a/modules/storm/README.md +++ b/modules/storm/README.md @@ -13,7 +13,7 @@ module "storm_security_group" { All automatic values **storm module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/storm/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/vault/README.md b/modules/vault/README.md index 4982bb9a..02eb8bc8 100644 --- a/modules/vault/README.md +++ b/modules/vault/README.md @@ -13,7 +13,7 @@ module "vault_security_group" { All automatic values **vault module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/vault/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"vault-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"vault-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/wazuh/README.md b/modules/wazuh/README.md index 8c7f0168..26ce4bb5 100644 --- a/modules/wazuh/README.md +++ b/modules/wazuh/README.md @@ -13,7 +13,7 @@ module "wazuh_security_group" { All automatic values **wazuh module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/wazuh/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"wazuh-server-agent-connection-tcp",
"wazuh-server-agent-connection-udp",
"wazuh-server-agent-enrollment",
"wazuh-server-agent-cluster-daemon",
"wazuh-server-syslog-collector-tcp",
"wazuh-server-syslog-collector-udp",
"wazuh-server-restful-api",
"wazuh-indexer-restful-api",
"wazuh-dashboard"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"wazuh-server-agent-connection-tcp",
"wazuh-server-agent-connection-udp",
"wazuh-server-agent-enrollment",
"wazuh-server-agent-cluster-daemon",
"wazuh-server-syslog-collector-tcp",
"wazuh-server-syslog-collector-udp",
"wazuh-server-restful-api",
"wazuh-indexer-restful-api",
"wazuh-dashboard"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/web/README.md b/modules/web/README.md index 92561686..82cdaf03 100644 --- a/modules/web/README.md +++ b/modules/web/README.md @@ -13,7 +13,7 @@ module "web_security_group" { All automatic values **web module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/web/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/winrm/README.md b/modules/winrm/README.md index abd62a3b..05e8a5ad 100644 --- a/modules/winrm/README.md +++ b/modules/winrm/README.md @@ -13,7 +13,7 @@ module "winrm_security_group" { All automatic values **winrm module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/winrm/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"winrm-http-tcp",
"winrm-https-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"winrm-http-tcp",
"winrm-https-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/zabbix/README.md b/modules/zabbix/README.md index 8901a60d..305f5319 100644 --- a/modules/zabbix/README.md +++ b/modules/zabbix/README.md @@ -13,7 +13,7 @@ module "zabbix_security_group" { All automatic values **zabbix module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/zabbix/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"zabbix-server",
"zabbix-proxy",
"zabbix-agent"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"zabbix-server",
"zabbix-proxy",
"zabbix-agent"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/zipkin/README.md b/modules/zipkin/README.md index b87222c8..1d9dc489 100644 --- a/modules/zipkin/README.md +++ b/modules/zipkin/README.md @@ -13,7 +13,7 @@ module "zipkin_security_group" { All automatic values **zipkin module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/zipkin/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + diff --git a/modules/zookeeper/README.md b/modules/zookeeper/README.md index ea290b41..b45e67c2 100644 --- a/modules/zookeeper/README.md +++ b/modules/zookeeper/README.md @@ -13,7 +13,7 @@ module "zookeeper_security_group" { All automatic values **zookeeper module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/zookeeper/auto_values.tf). - + ## Requirements | Name | Version | @@ -43,16 +43,16 @@ No resources. | [auto\_computed\_egress\_with\_self](#input\_auto\_computed\_egress\_with\_self) | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | | [auto\_computed\_ingress\_rules](#input\_auto\_computed\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` | `[]` | no | | [auto\_computed\_ingress\_with\_self](#input\_auto\_computed\_ingress\_with\_self) | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| [auto\_egress\_rules](#input\_auto\_egress\_rules) | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | [auto\_egress\_with\_self](#input\_auto\_egress\_with\_self) | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"zookeeper-2181-tcp",
"zookeeper-2182-tls-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
]
| no | -| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| [auto\_ingress\_rules](#input\_auto\_ingress\_rules) | List of ingress rules to add automatically | `list(string)` |
[
"zookeeper-2181-tcp",
"zookeeper-2182-tls-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
]
| no | +| [auto\_ingress\_with\_self](#input\_auto\_ingress\_with\_self) | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [auto\_number\_of\_computed\_egress\_rules](#input\_auto\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_egress\_with\_self](#input\_auto\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_rules](#input\_auto\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no | | [auto\_number\_of\_computed\_ingress\_with\_self](#input\_auto\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | -| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| [computed\_egress\_cidr\_blocks](#input\_computed\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [computed\_egress\_ipv6\_cidr\_blocks](#input\_computed\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | | [computed\_egress\_prefix\_list\_ids](#input\_computed\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | | [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no | | [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -71,8 +71,8 @@ No resources. | [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | | [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no | | [description](#input\_description) | Description of security group | `string` | `"Security Group managed by Terraform"` | no | -| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | | [egress\_prefix\_list\_ids](#input\_egress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | | [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no | | [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -123,4 +123,4 @@ No resources. | [security\_group\_name](#output\_security\_group\_name) | The name of the security group | | [security\_group\_owner\_id](#output\_security\_group\_owner\_id) | The owner ID | | [security\_group\_vpc\_id](#output\_security\_group\_vpc\_id) | The VPC ID | - + From 8500adbc068bb1c1c244435abc9e7e6dbeddf21d Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Tue, 7 Jan 2025 16:41:43 -0800 Subject: [PATCH 4/5] feat: Added wrappers for all submodules (#333) --- .pre-commit-config.yaml | 5 +- wrappers/README.md | 100 +++++ wrappers/_templates/README.md | 100 +++++ wrappers/_templates/main.tf | 67 +++ wrappers/_templates/outputs.tf | 5 + wrappers/_templates/variables.tf | 11 + wrappers/_templates/versions.tf | 10 + wrappers/activemq/README.md | 100 +++++ wrappers/activemq/main.tf | 79 ++++ wrappers/activemq/outputs.tf | 5 + wrappers/activemq/variables.tf | 11 + wrappers/activemq/versions.tf | 10 + wrappers/alertmanager/README.md | 100 +++++ wrappers/alertmanager/main.tf | 79 ++++ wrappers/alertmanager/outputs.tf | 5 + wrappers/alertmanager/variables.tf | 11 + wrappers/alertmanager/versions.tf | 10 + wrappers/carbon-relay-ng/README.md | 100 +++++ wrappers/carbon-relay-ng/main.tf | 79 ++++ wrappers/carbon-relay-ng/outputs.tf | 5 + wrappers/carbon-relay-ng/variables.tf | 11 + wrappers/carbon-relay-ng/versions.tf | 10 + wrappers/cassandra/README.md | 100 +++++ wrappers/cassandra/main.tf | 79 ++++ wrappers/cassandra/outputs.tf | 5 + wrappers/cassandra/variables.tf | 11 + wrappers/cassandra/versions.tf | 10 + wrappers/consul/README.md | 100 +++++ wrappers/consul/main.tf | 79 ++++ wrappers/consul/outputs.tf | 5 + wrappers/consul/variables.tf | 11 + wrappers/consul/versions.tf | 10 + wrappers/dax-cluster/README.md | 100 +++++ wrappers/dax-cluster/main.tf | 79 ++++ wrappers/dax-cluster/outputs.tf | 5 + wrappers/dax-cluster/variables.tf | 11 + wrappers/dax-cluster/versions.tf | 10 + wrappers/docker-swarm/README.md | 100 +++++ wrappers/docker-swarm/main.tf | 79 ++++ wrappers/docker-swarm/outputs.tf | 5 + wrappers/docker-swarm/variables.tf | 11 + wrappers/docker-swarm/versions.tf | 10 + wrappers/elasticsearch/README.md | 100 +++++ wrappers/elasticsearch/main.tf | 79 ++++ wrappers/elasticsearch/outputs.tf | 5 + wrappers/elasticsearch/variables.tf | 11 + wrappers/elasticsearch/versions.tf | 10 + 
wrappers/etcd/README.md | 100 +++++ wrappers/etcd/main.tf | 79 ++++ wrappers/etcd/outputs.tf | 5 + wrappers/etcd/variables.tf | 11 + wrappers/etcd/versions.tf | 10 + wrappers/grafana/README.md | 100 +++++ wrappers/grafana/main.tf | 79 ++++ wrappers/grafana/outputs.tf | 5 + wrappers/grafana/variables.tf | 11 + wrappers/grafana/versions.tf | 10 + wrappers/graphite-statsd/README.md | 100 +++++ wrappers/graphite-statsd/main.tf | 79 ++++ wrappers/graphite-statsd/outputs.tf | 5 + wrappers/graphite-statsd/variables.tf | 11 + wrappers/graphite-statsd/versions.tf | 10 + wrappers/http-80/README.md | 100 +++++ wrappers/http-80/main.tf | 79 ++++ wrappers/http-80/outputs.tf | 5 + wrappers/http-80/variables.tf | 11 + wrappers/http-80/versions.tf | 10 + wrappers/http-8080/README.md | 100 +++++ wrappers/http-8080/main.tf | 79 ++++ wrappers/http-8080/outputs.tf | 5 + wrappers/http-8080/variables.tf | 11 + wrappers/http-8080/versions.tf | 10 + wrappers/https-443/README.md | 100 +++++ wrappers/https-443/main.tf | 79 ++++ wrappers/https-443/outputs.tf | 5 + wrappers/https-443/variables.tf | 11 + wrappers/https-443/versions.tf | 10 + wrappers/https-8443/README.md | 100 +++++ wrappers/https-8443/main.tf | 79 ++++ wrappers/https-8443/outputs.tf | 5 + wrappers/https-8443/variables.tf | 11 + wrappers/https-8443/versions.tf | 10 + wrappers/ipsec-4500/README.md | 100 +++++ wrappers/ipsec-4500/main.tf | 79 ++++ wrappers/ipsec-4500/outputs.tf | 5 + wrappers/ipsec-4500/variables.tf | 11 + wrappers/ipsec-4500/versions.tf | 10 + wrappers/ipsec-500/README.md | 100 +++++ wrappers/ipsec-500/main.tf | 79 ++++ wrappers/ipsec-500/outputs.tf | 5 + wrappers/ipsec-500/variables.tf | 11 + wrappers/ipsec-500/versions.tf | 10 + wrappers/kafka/README.md | 100 +++++ wrappers/kafka/main.tf | 79 ++++ wrappers/kafka/outputs.tf | 5 + wrappers/kafka/variables.tf | 11 + wrappers/kafka/versions.tf | 10 + wrappers/kibana/README.md | 100 +++++ wrappers/kibana/main.tf | 79 ++++ wrappers/kibana/outputs.tf | 5 + 
wrappers/kibana/variables.tf | 11 + wrappers/kibana/versions.tf | 10 + wrappers/kubernetes-api/README.md | 100 +++++ wrappers/kubernetes-api/main.tf | 79 ++++ wrappers/kubernetes-api/outputs.tf | 5 + wrappers/kubernetes-api/variables.tf | 11 + wrappers/kubernetes-api/versions.tf | 10 + wrappers/ldap/README.md | 100 +++++ wrappers/ldap/main.tf | 79 ++++ wrappers/ldap/outputs.tf | 5 + wrappers/ldap/variables.tf | 11 + wrappers/ldap/versions.tf | 10 + wrappers/ldaps/README.md | 100 +++++ wrappers/ldaps/main.tf | 79 ++++ wrappers/ldaps/outputs.tf | 5 + wrappers/ldaps/variables.tf | 11 + wrappers/ldaps/versions.tf | 10 + wrappers/logstash/README.md | 100 +++++ wrappers/logstash/main.tf | 79 ++++ wrappers/logstash/outputs.tf | 5 + wrappers/logstash/variables.tf | 11 + wrappers/logstash/versions.tf | 10 + wrappers/loki/README.md | 100 +++++ wrappers/loki/main.tf | 79 ++++ wrappers/loki/outputs.tf | 5 + wrappers/loki/variables.tf | 11 + wrappers/loki/versions.tf | 10 + wrappers/main.tf | 562 ++++++++++++++++++++++++++ wrappers/memcached/README.md | 100 +++++ wrappers/memcached/main.tf | 79 ++++ wrappers/memcached/outputs.tf | 5 + wrappers/memcached/variables.tf | 11 + wrappers/memcached/versions.tf | 10 + wrappers/minio/README.md | 100 +++++ wrappers/minio/main.tf | 79 ++++ wrappers/minio/outputs.tf | 5 + wrappers/minio/variables.tf | 11 + wrappers/minio/versions.tf | 10 + wrappers/mongodb/README.md | 100 +++++ wrappers/mongodb/main.tf | 79 ++++ wrappers/mongodb/outputs.tf | 5 + wrappers/mongodb/variables.tf | 11 + wrappers/mongodb/versions.tf | 10 + wrappers/mssql/README.md | 100 +++++ wrappers/mssql/main.tf | 79 ++++ wrappers/mssql/outputs.tf | 5 + wrappers/mssql/variables.tf | 11 + wrappers/mssql/versions.tf | 10 + wrappers/mysql/README.md | 100 +++++ wrappers/mysql/main.tf | 79 ++++ wrappers/mysql/outputs.tf | 5 + wrappers/mysql/variables.tf | 11 + wrappers/mysql/versions.tf | 10 + wrappers/nfs/README.md | 100 +++++ wrappers/nfs/main.tf | 79 ++++ 
wrappers/nfs/outputs.tf | 5 + wrappers/nfs/variables.tf | 11 + wrappers/nfs/versions.tf | 10 + wrappers/nomad/README.md | 100 +++++ wrappers/nomad/main.tf | 79 ++++ wrappers/nomad/outputs.tf | 5 + wrappers/nomad/variables.tf | 11 + wrappers/nomad/versions.tf | 10 + wrappers/ntp/README.md | 100 +++++ wrappers/ntp/main.tf | 79 ++++ wrappers/ntp/outputs.tf | 5 + wrappers/ntp/variables.tf | 11 + wrappers/ntp/versions.tf | 10 + wrappers/openvpn/README.md | 100 +++++ wrappers/openvpn/main.tf | 79 ++++ wrappers/openvpn/outputs.tf | 5 + wrappers/openvpn/variables.tf | 11 + wrappers/openvpn/versions.tf | 10 + wrappers/oracle-db/README.md | 100 +++++ wrappers/oracle-db/main.tf | 79 ++++ wrappers/oracle-db/outputs.tf | 5 + wrappers/oracle-db/variables.tf | 11 + wrappers/oracle-db/versions.tf | 10 + wrappers/outputs.tf | 5 + wrappers/postgresql/README.md | 100 +++++ wrappers/postgresql/main.tf | 79 ++++ wrappers/postgresql/outputs.tf | 5 + wrappers/postgresql/variables.tf | 11 + wrappers/postgresql/versions.tf | 10 + wrappers/prometheus/README.md | 100 +++++ wrappers/prometheus/main.tf | 79 ++++ wrappers/prometheus/outputs.tf | 5 + wrappers/prometheus/variables.tf | 11 + wrappers/prometheus/versions.tf | 10 + wrappers/promtail/README.md | 100 +++++ wrappers/promtail/main.tf | 79 ++++ wrappers/promtail/outputs.tf | 5 + wrappers/promtail/variables.tf | 11 + wrappers/promtail/versions.tf | 10 + wrappers/puppet/README.md | 100 +++++ wrappers/puppet/main.tf | 79 ++++ wrappers/puppet/outputs.tf | 5 + wrappers/puppet/variables.tf | 11 + wrappers/puppet/versions.tf | 10 + wrappers/rabbitmq/README.md | 100 +++++ wrappers/rabbitmq/main.tf | 79 ++++ wrappers/rabbitmq/outputs.tf | 5 + wrappers/rabbitmq/variables.tf | 11 + wrappers/rabbitmq/versions.tf | 10 + wrappers/rdp/README.md | 100 +++++ wrappers/rdp/main.tf | 79 ++++ wrappers/rdp/outputs.tf | 5 + wrappers/rdp/variables.tf | 11 + wrappers/rdp/versions.tf | 10 + wrappers/redis/README.md | 100 +++++ wrappers/redis/main.tf | 79 ++++ 
wrappers/redis/outputs.tf | 5 + wrappers/redis/variables.tf | 11 + wrappers/redis/versions.tf | 10 + wrappers/redshift/README.md | 100 +++++ wrappers/redshift/main.tf | 79 ++++ wrappers/redshift/outputs.tf | 5 + wrappers/redshift/variables.tf | 11 + wrappers/redshift/versions.tf | 10 + wrappers/smtp-submission/README.md | 100 +++++ wrappers/smtp-submission/main.tf | 79 ++++ wrappers/smtp-submission/outputs.tf | 5 + wrappers/smtp-submission/variables.tf | 11 + wrappers/smtp-submission/versions.tf | 10 + wrappers/smtp/README.md | 100 +++++ wrappers/smtp/main.tf | 79 ++++ wrappers/smtp/outputs.tf | 5 + wrappers/smtp/variables.tf | 11 + wrappers/smtp/versions.tf | 10 + wrappers/smtps/README.md | 100 +++++ wrappers/smtps/main.tf | 79 ++++ wrappers/smtps/outputs.tf | 5 + wrappers/smtps/variables.tf | 11 + wrappers/smtps/versions.tf | 10 + wrappers/solr/README.md | 100 +++++ wrappers/solr/main.tf | 79 ++++ wrappers/solr/outputs.tf | 5 + wrappers/solr/variables.tf | 11 + wrappers/solr/versions.tf | 10 + wrappers/splunk/README.md | 100 +++++ wrappers/splunk/main.tf | 79 ++++ wrappers/splunk/outputs.tf | 5 + wrappers/splunk/variables.tf | 11 + wrappers/splunk/versions.tf | 10 + wrappers/squid/README.md | 100 +++++ wrappers/squid/main.tf | 79 ++++ wrappers/squid/outputs.tf | 5 + wrappers/squid/variables.tf | 11 + wrappers/squid/versions.tf | 10 + wrappers/ssh/README.md | 100 +++++ wrappers/ssh/main.tf | 79 ++++ wrappers/ssh/outputs.tf | 5 + wrappers/ssh/variables.tf | 11 + wrappers/ssh/versions.tf | 10 + wrappers/storm/README.md | 100 +++++ wrappers/storm/main.tf | 79 ++++ wrappers/storm/outputs.tf | 5 + wrappers/storm/variables.tf | 11 + wrappers/storm/versions.tf | 10 + wrappers/variables.tf | 11 + wrappers/vault/README.md | 100 +++++ wrappers/vault/main.tf | 79 ++++ wrappers/vault/outputs.tf | 5 + wrappers/vault/variables.tf | 11 + wrappers/vault/versions.tf | 10 + wrappers/versions.tf | 10 + wrappers/wazuh/README.md | 100 +++++ wrappers/wazuh/main.tf | 79 ++++ 
wrappers/wazuh/outputs.tf | 5 + wrappers/wazuh/variables.tf | 11 + wrappers/wazuh/versions.tf | 10 + wrappers/web/README.md | 100 +++++ wrappers/web/main.tf | 79 ++++ wrappers/web/outputs.tf | 5 + wrappers/web/variables.tf | 11 + wrappers/web/versions.tf | 10 + wrappers/winrm/README.md | 100 +++++ wrappers/winrm/main.tf | 79 ++++ wrappers/winrm/outputs.tf | 5 + wrappers/winrm/variables.tf | 11 + wrappers/winrm/versions.tf | 10 + wrappers/zabbix/README.md | 100 +++++ wrappers/zabbix/main.tf | 79 ++++ wrappers/zabbix/outputs.tf | 5 + wrappers/zabbix/variables.tf | 11 + wrappers/zabbix/versions.tf | 10 + wrappers/zipkin/README.md | 100 +++++ wrappers/zipkin/main.tf | 79 ++++ wrappers/zipkin/outputs.tf | 5 + wrappers/zipkin/variables.tf | 11 + wrappers/zipkin/versions.tf | 10 + wrappers/zookeeper/README.md | 100 +++++ wrappers/zookeeper/main.tf | 79 ++++ wrappers/zookeeper/outputs.tf | 5 + wrappers/zookeeper/variables.tf | 11 + wrappers/zookeeper/versions.tf | 10 + 296 files changed, 12570 insertions(+), 1 deletion(-) create mode 100644 wrappers/README.md create mode 100644 wrappers/_templates/README.md create mode 100644 wrappers/_templates/main.tf create mode 100644 wrappers/_templates/outputs.tf create mode 100644 wrappers/_templates/variables.tf create mode 100644 wrappers/_templates/versions.tf create mode 100644 wrappers/activemq/README.md create mode 100644 wrappers/activemq/main.tf create mode 100644 wrappers/activemq/outputs.tf create mode 100644 wrappers/activemq/variables.tf create mode 100644 wrappers/activemq/versions.tf create mode 100644 wrappers/alertmanager/README.md create mode 100644 wrappers/alertmanager/main.tf create mode 100644 wrappers/alertmanager/outputs.tf create mode 100644 wrappers/alertmanager/variables.tf create mode 100644 wrappers/alertmanager/versions.tf create mode 100644 wrappers/carbon-relay-ng/README.md create mode 100644 wrappers/carbon-relay-ng/main.tf create mode 100644 wrappers/carbon-relay-ng/outputs.tf create mode 100644 
wrappers/carbon-relay-ng/variables.tf create mode 100644 wrappers/carbon-relay-ng/versions.tf create mode 100644 wrappers/cassandra/README.md create mode 100644 wrappers/cassandra/main.tf create mode 100644 wrappers/cassandra/outputs.tf create mode 100644 wrappers/cassandra/variables.tf create mode 100644 wrappers/cassandra/versions.tf create mode 100644 wrappers/consul/README.md create mode 100644 wrappers/consul/main.tf create mode 100644 wrappers/consul/outputs.tf create mode 100644 wrappers/consul/variables.tf create mode 100644 wrappers/consul/versions.tf create mode 100644 wrappers/dax-cluster/README.md create mode 100644 wrappers/dax-cluster/main.tf create mode 100644 wrappers/dax-cluster/outputs.tf create mode 100644 wrappers/dax-cluster/variables.tf create mode 100644 wrappers/dax-cluster/versions.tf create mode 100644 wrappers/docker-swarm/README.md create mode 100644 wrappers/docker-swarm/main.tf create mode 100644 wrappers/docker-swarm/outputs.tf create mode 100644 wrappers/docker-swarm/variables.tf create mode 100644 wrappers/docker-swarm/versions.tf create mode 100644 wrappers/elasticsearch/README.md create mode 100644 wrappers/elasticsearch/main.tf create mode 100644 wrappers/elasticsearch/outputs.tf create mode 100644 wrappers/elasticsearch/variables.tf create mode 100644 wrappers/elasticsearch/versions.tf create mode 100644 wrappers/etcd/README.md create mode 100644 wrappers/etcd/main.tf create mode 100644 wrappers/etcd/outputs.tf create mode 100644 wrappers/etcd/variables.tf create mode 100644 wrappers/etcd/versions.tf create mode 100644 wrappers/grafana/README.md create mode 100644 wrappers/grafana/main.tf create mode 100644 wrappers/grafana/outputs.tf create mode 100644 wrappers/grafana/variables.tf create mode 100644 wrappers/grafana/versions.tf create mode 100644 wrappers/graphite-statsd/README.md create mode 100644 wrappers/graphite-statsd/main.tf create mode 100644 wrappers/graphite-statsd/outputs.tf create mode 100644 
wrappers/graphite-statsd/variables.tf create mode 100644 wrappers/graphite-statsd/versions.tf create mode 100644 wrappers/http-80/README.md create mode 100644 wrappers/http-80/main.tf create mode 100644 wrappers/http-80/outputs.tf create mode 100644 wrappers/http-80/variables.tf create mode 100644 wrappers/http-80/versions.tf create mode 100644 wrappers/http-8080/README.md create mode 100644 wrappers/http-8080/main.tf create mode 100644 wrappers/http-8080/outputs.tf create mode 100644 wrappers/http-8080/variables.tf create mode 100644 wrappers/http-8080/versions.tf create mode 100644 wrappers/https-443/README.md create mode 100644 wrappers/https-443/main.tf create mode 100644 wrappers/https-443/outputs.tf create mode 100644 wrappers/https-443/variables.tf create mode 100644 wrappers/https-443/versions.tf create mode 100644 wrappers/https-8443/README.md create mode 100644 wrappers/https-8443/main.tf create mode 100644 wrappers/https-8443/outputs.tf create mode 100644 wrappers/https-8443/variables.tf create mode 100644 wrappers/https-8443/versions.tf create mode 100644 wrappers/ipsec-4500/README.md create mode 100644 wrappers/ipsec-4500/main.tf create mode 100644 wrappers/ipsec-4500/outputs.tf create mode 100644 wrappers/ipsec-4500/variables.tf create mode 100644 wrappers/ipsec-4500/versions.tf create mode 100644 wrappers/ipsec-500/README.md create mode 100644 wrappers/ipsec-500/main.tf create mode 100644 wrappers/ipsec-500/outputs.tf create mode 100644 wrappers/ipsec-500/variables.tf create mode 100644 wrappers/ipsec-500/versions.tf create mode 100644 wrappers/kafka/README.md create mode 100644 wrappers/kafka/main.tf create mode 100644 wrappers/kafka/outputs.tf create mode 100644 wrappers/kafka/variables.tf create mode 100644 wrappers/kafka/versions.tf create mode 100644 wrappers/kibana/README.md create mode 100644 wrappers/kibana/main.tf create mode 100644 wrappers/kibana/outputs.tf create mode 100644 wrappers/kibana/variables.tf create mode 100644 
wrappers/kibana/versions.tf create mode 100644 wrappers/kubernetes-api/README.md create mode 100644 wrappers/kubernetes-api/main.tf create mode 100644 wrappers/kubernetes-api/outputs.tf create mode 100644 wrappers/kubernetes-api/variables.tf create mode 100644 wrappers/kubernetes-api/versions.tf create mode 100644 wrappers/ldap/README.md create mode 100644 wrappers/ldap/main.tf create mode 100644 wrappers/ldap/outputs.tf create mode 100644 wrappers/ldap/variables.tf create mode 100644 wrappers/ldap/versions.tf create mode 100644 wrappers/ldaps/README.md create mode 100644 wrappers/ldaps/main.tf create mode 100644 wrappers/ldaps/outputs.tf create mode 100644 wrappers/ldaps/variables.tf create mode 100644 wrappers/ldaps/versions.tf create mode 100644 wrappers/logstash/README.md create mode 100644 wrappers/logstash/main.tf create mode 100644 wrappers/logstash/outputs.tf create mode 100644 wrappers/logstash/variables.tf create mode 100644 wrappers/logstash/versions.tf create mode 100644 wrappers/loki/README.md create mode 100644 wrappers/loki/main.tf create mode 100644 wrappers/loki/outputs.tf create mode 100644 wrappers/loki/variables.tf create mode 100644 wrappers/loki/versions.tf create mode 100644 wrappers/main.tf create mode 100644 wrappers/memcached/README.md create mode 100644 wrappers/memcached/main.tf create mode 100644 wrappers/memcached/outputs.tf create mode 100644 wrappers/memcached/variables.tf create mode 100644 wrappers/memcached/versions.tf create mode 100644 wrappers/minio/README.md create mode 100644 wrappers/minio/main.tf create mode 100644 wrappers/minio/outputs.tf create mode 100644 wrappers/minio/variables.tf create mode 100644 wrappers/minio/versions.tf create mode 100644 wrappers/mongodb/README.md create mode 100644 wrappers/mongodb/main.tf create mode 100644 wrappers/mongodb/outputs.tf create mode 100644 wrappers/mongodb/variables.tf create mode 100644 wrappers/mongodb/versions.tf create mode 100644 wrappers/mssql/README.md create mode 100644 
wrappers/mssql/main.tf create mode 100644 wrappers/mssql/outputs.tf create mode 100644 wrappers/mssql/variables.tf create mode 100644 wrappers/mssql/versions.tf create mode 100644 wrappers/mysql/README.md create mode 100644 wrappers/mysql/main.tf create mode 100644 wrappers/mysql/outputs.tf create mode 100644 wrappers/mysql/variables.tf create mode 100644 wrappers/mysql/versions.tf create mode 100644 wrappers/nfs/README.md create mode 100644 wrappers/nfs/main.tf create mode 100644 wrappers/nfs/outputs.tf create mode 100644 wrappers/nfs/variables.tf create mode 100644 wrappers/nfs/versions.tf create mode 100644 wrappers/nomad/README.md create mode 100644 wrappers/nomad/main.tf create mode 100644 wrappers/nomad/outputs.tf create mode 100644 wrappers/nomad/variables.tf create mode 100644 wrappers/nomad/versions.tf create mode 100644 wrappers/ntp/README.md create mode 100644 wrappers/ntp/main.tf create mode 100644 wrappers/ntp/outputs.tf create mode 100644 wrappers/ntp/variables.tf create mode 100644 wrappers/ntp/versions.tf create mode 100644 wrappers/openvpn/README.md create mode 100644 wrappers/openvpn/main.tf create mode 100644 wrappers/openvpn/outputs.tf create mode 100644 wrappers/openvpn/variables.tf create mode 100644 wrappers/openvpn/versions.tf create mode 100644 wrappers/oracle-db/README.md create mode 100644 wrappers/oracle-db/main.tf create mode 100644 wrappers/oracle-db/outputs.tf create mode 100644 wrappers/oracle-db/variables.tf create mode 100644 wrappers/oracle-db/versions.tf create mode 100644 wrappers/outputs.tf create mode 100644 wrappers/postgresql/README.md create mode 100644 wrappers/postgresql/main.tf create mode 100644 wrappers/postgresql/outputs.tf create mode 100644 wrappers/postgresql/variables.tf create mode 100644 wrappers/postgresql/versions.tf create mode 100644 wrappers/prometheus/README.md create mode 100644 wrappers/prometheus/main.tf create mode 100644 wrappers/prometheus/outputs.tf create mode 100644 
wrappers/prometheus/variables.tf create mode 100644 wrappers/prometheus/versions.tf create mode 100644 wrappers/promtail/README.md create mode 100644 wrappers/promtail/main.tf create mode 100644 wrappers/promtail/outputs.tf create mode 100644 wrappers/promtail/variables.tf create mode 100644 wrappers/promtail/versions.tf create mode 100644 wrappers/puppet/README.md create mode 100644 wrappers/puppet/main.tf create mode 100644 wrappers/puppet/outputs.tf create mode 100644 wrappers/puppet/variables.tf create mode 100644 wrappers/puppet/versions.tf create mode 100644 wrappers/rabbitmq/README.md create mode 100644 wrappers/rabbitmq/main.tf create mode 100644 wrappers/rabbitmq/outputs.tf create mode 100644 wrappers/rabbitmq/variables.tf create mode 100644 wrappers/rabbitmq/versions.tf create mode 100644 wrappers/rdp/README.md create mode 100644 wrappers/rdp/main.tf create mode 100644 wrappers/rdp/outputs.tf create mode 100644 wrappers/rdp/variables.tf create mode 100644 wrappers/rdp/versions.tf create mode 100644 wrappers/redis/README.md create mode 100644 wrappers/redis/main.tf create mode 100644 wrappers/redis/outputs.tf create mode 100644 wrappers/redis/variables.tf create mode 100644 wrappers/redis/versions.tf create mode 100644 wrappers/redshift/README.md create mode 100644 wrappers/redshift/main.tf create mode 100644 wrappers/redshift/outputs.tf create mode 100644 wrappers/redshift/variables.tf create mode 100644 wrappers/redshift/versions.tf create mode 100644 wrappers/smtp-submission/README.md create mode 100644 wrappers/smtp-submission/main.tf create mode 100644 wrappers/smtp-submission/outputs.tf create mode 100644 wrappers/smtp-submission/variables.tf create mode 100644 wrappers/smtp-submission/versions.tf create mode 100644 wrappers/smtp/README.md create mode 100644 wrappers/smtp/main.tf create mode 100644 wrappers/smtp/outputs.tf create mode 100644 wrappers/smtp/variables.tf create mode 100644 wrappers/smtp/versions.tf create mode 100644 
wrappers/smtps/README.md create mode 100644 wrappers/smtps/main.tf create mode 100644 wrappers/smtps/outputs.tf create mode 100644 wrappers/smtps/variables.tf create mode 100644 wrappers/smtps/versions.tf create mode 100644 wrappers/solr/README.md create mode 100644 wrappers/solr/main.tf create mode 100644 wrappers/solr/outputs.tf create mode 100644 wrappers/solr/variables.tf create mode 100644 wrappers/solr/versions.tf create mode 100644 wrappers/splunk/README.md create mode 100644 wrappers/splunk/main.tf create mode 100644 wrappers/splunk/outputs.tf create mode 100644 wrappers/splunk/variables.tf create mode 100644 wrappers/splunk/versions.tf create mode 100644 wrappers/squid/README.md create mode 100644 wrappers/squid/main.tf create mode 100644 wrappers/squid/outputs.tf create mode 100644 wrappers/squid/variables.tf create mode 100644 wrappers/squid/versions.tf create mode 100644 wrappers/ssh/README.md create mode 100644 wrappers/ssh/main.tf create mode 100644 wrappers/ssh/outputs.tf create mode 100644 wrappers/ssh/variables.tf create mode 100644 wrappers/ssh/versions.tf create mode 100644 wrappers/storm/README.md create mode 100644 wrappers/storm/main.tf create mode 100644 wrappers/storm/outputs.tf create mode 100644 wrappers/storm/variables.tf create mode 100644 wrappers/storm/versions.tf create mode 100644 wrappers/variables.tf create mode 100644 wrappers/vault/README.md create mode 100644 wrappers/vault/main.tf create mode 100644 wrappers/vault/outputs.tf create mode 100644 wrappers/vault/variables.tf create mode 100644 wrappers/vault/versions.tf create mode 100644 wrappers/versions.tf create mode 100644 wrappers/wazuh/README.md create mode 100644 wrappers/wazuh/main.tf create mode 100644 wrappers/wazuh/outputs.tf create mode 100644 wrappers/wazuh/variables.tf create mode 100644 wrappers/wazuh/versions.tf create mode 100644 wrappers/web/README.md create mode 100644 wrappers/web/main.tf create mode 100644 wrappers/web/outputs.tf create mode 100644 
wrappers/web/variables.tf create mode 100644 wrappers/web/versions.tf create mode 100644 wrappers/winrm/README.md create mode 100644 wrappers/winrm/main.tf create mode 100644 wrappers/winrm/outputs.tf create mode 100644 wrappers/winrm/variables.tf create mode 100644 wrappers/winrm/versions.tf create mode 100644 wrappers/zabbix/README.md create mode 100644 wrappers/zabbix/main.tf create mode 100644 wrappers/zabbix/outputs.tf create mode 100644 wrappers/zabbix/variables.tf create mode 100644 wrappers/zabbix/versions.tf create mode 100644 wrappers/zipkin/README.md create mode 100644 wrappers/zipkin/main.tf create mode 100644 wrappers/zipkin/outputs.tf create mode 100644 wrappers/zipkin/variables.tf create mode 100644 wrappers/zipkin/versions.tf create mode 100644 wrappers/zookeeper/README.md create mode 100644 wrappers/zookeeper/main.tf create mode 100644 wrappers/zookeeper/outputs.tf create mode 100644 wrappers/zookeeper/variables.tf create mode 100644 wrappers/zookeeper/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8fbf9401..a0f27228 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,14 +3,17 @@ repos: rev: v1.96.1 hooks: - id: terraform_fmt + - id: terraform_wrapper_module_for_each - id: terraform_docs args: - '--args=--lockfile=false' - id: terraform_validate - exclude: '^modules/_templates/[^/]+$' + exclude: '^modules/_templates/[^/]+$|^wrappers/.+$' - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer - id: trailing-whitespace + - id: mixed-line-ending + args: [--fix=lf] diff --git a/wrappers/README.md b/wrappers/README.md new file mode 100644 index 00000000..1fde665b --- /dev/null +++ b/wrappers/README.md 
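Review bot: The widened `exclude` on `terraform_validate` (`'^modules/_templates/[^/]+$|^wrappers/.+$'`) removes every file under `wrappers/` from validation in the same change that adds `terraform_wrapper_module_for_each`, the hook that appears to generate those files, so security-group wrapper code is committed without this hook ever validating it. If the exclusion is deliberate (run time, or the relative `../../modules/...` sources needing an init step, neither visible here), record the reason in a comment above the line, for example `# wrappers/ are generated by terraform_wrapper_module_for_each; validate them in CI, not here`, and confirm that a CI job does so. Separately, the new generator hook runs from a repository pinned by tag (`rev: v1.96.1`, a context line); pinning `rev` to a full commit SHA would keep a moved tag from changing what gets generated and committed.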
@@ -0,0 +1,100 @@
+# Wrapper for the root module
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/_templates/README.md b/wrappers/_templates/README.md
new file mode 100644
index 00000000..4880c4df
--- /dev/null
+++ b/wrappers/_templates/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/_templates`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/_templates"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/_templates?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/_templates"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/_templates/main.tf b/wrappers/_templates/main.tf
new file mode 100644
index 00000000..a63ed9f1
--- /dev/null
+++ b/wrappers/_templates/main.tf
@@ -0,0 +1,67 @@
+module "wrapper" {
+ source = "../../modules/_templates"
+
+ for_each = var.items
+
+ computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"])
+ computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"])
+ computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, [])
+ computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, [])
+ computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, [])
+ computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, [])
+ computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, [])
+ computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, [])
+ computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, [])
+ computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, [])
+ computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, [])
+ computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, [])
+ computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, [])
+ computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, [])
+ computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, [])
+ computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, [])
+ computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, [])
+ computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, [])
+ create = try(each.value.create, var.defaults.create, true)
+ description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform")
+ egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"])
+ egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"])
+ egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, [])
+ egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, [])
+ egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, [])
+ egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, [])
+ egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, [])
+ egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, [])
+ egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, [])
+ ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, [])
+ ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, [])
+ ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, [])
+ ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, [])
+ ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, [])
+ ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, [])
+ ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, [])
+ ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, [])
+ ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, [])
+ name = try(each.value.name, var.defaults.name)
+ number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0)
+ number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0)
+ number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0)
+ number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0)
+ number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0)
+ number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0)
+ number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0)
+ number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0)
+ number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0)
+ number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0)
+ number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0)
+ number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0)
+ number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0)
+ number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0)
+ revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false)
+ tags = try(each.value.tags, var.defaults.tags, {})
+ use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true)
+ vpc_id = try(each.value.vpc_id, var.defaults.vpc_id)
+}
diff --git a/wrappers/_templates/outputs.tf b/wrappers/_templates/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/_templates/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/_templates/variables.tf b/wrappers/_templates/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/_templates/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/_templates/versions.tf b/wrappers/_templates/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/_templates/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/activemq/README.md b/wrappers/activemq/README.md
new file mode 100644
index 00000000..310b5e9d
--- /dev/null
+++ b/wrappers/activemq/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/activemq`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/activemq"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/activemq?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/activemq"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/activemq/main.tf b/wrappers/activemq/main.tf
new file mode 100644
index 00000000..a8e048ba
--- /dev/null
+++ b/wrappers/activemq/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/activemq" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, 
var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + 
computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + 
ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, 
var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} 
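Review bot: An item key that is omitted or misspelled silently falls back to the literal third argument of each `try()` in this `module "wrapper"` block, and several of those literals are wide open: `auto_egress_rules` falls back to `["all-all"]`, `egress_cidr_blocks` to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]` and `auto_ingress_with_self` to `[{ "rule" = "all-all" }]`. Because `items` and `defaults` are declared `type = any` in the wrapper's variables.tf, nothing rejects an unknown key, so a mistyped egress restriction would presumably still plan without error and leave the permissive fallback in effect. I would document this above the block, e.g. `# Keys absent from items/defaults fall back to the literals below (egress: 0.0.0.0/0 and ::/0, all protocols); unknown keys are ignored.`, and repeat the caveat in the wrapper README. The same lines appear in the alertmanager and carbon-relay-ng wrappers added further down in this patch.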
diff --git a/wrappers/activemq/outputs.tf b/wrappers/activemq/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/activemq/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/activemq/variables.tf b/wrappers/activemq/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/activemq/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/activemq/versions.tf b/wrappers/activemq/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/activemq/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/alertmanager/README.md b/wrappers/alertmanager/README.md
new file mode 100644
index 00000000..4810b02e
--- /dev/null
+++ b/wrappers/alertmanager/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/alertmanager` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/alertmanager" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/alertmanager?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/alertmanager" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/alertmanager/main.tf b/wrappers/alertmanager/main.tf new file mode 100644 index 00000000..93e495cf --- /dev/null +++ b/wrappers/alertmanager/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/alertmanager" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["alertmanager-9093-tcp", "alertmanager-9094-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/alertmanager/outputs.tf b/wrappers/alertmanager/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/alertmanager/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/alertmanager/variables.tf b/wrappers/alertmanager/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/alertmanager/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/alertmanager/versions.tf b/wrappers/alertmanager/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/alertmanager/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/carbon-relay-ng/README.md b/wrappers/carbon-relay-ng/README.md
new file mode 100644
index 00000000..71246ee8
--- /dev/null
+++ b/wrappers/carbon-relay-ng/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/carbon-relay-ng` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/carbon-relay-ng" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/carbon-relay-ng?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/carbon-relay-ng" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/carbon-relay-ng/main.tf b/wrappers/carbon-relay-ng/main.tf new file mode 100644 index 00000000..a54d5b8f --- /dev/null +++ b/wrappers/carbon-relay-ng/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/carbon-relay-ng" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, 
var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + 
computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + 
ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, 
var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} 
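Review bot: A mistyped key in `items` or `defaults` is silently dropped by this wrapper, because both variables are declared `type = any` (variables.tf in this commit) and every argument is read through `try(each.value.X, var.defaults.X, <literal>)`. For a security group this fails towards the permissive side: an item that sets `egress_cidr_block` instead of `egress_cidr_blocks` still plans cleanly and ends up with the `["0.0.0.0/0"]` fallback together with `auto_egress_rules = ["all-all"]`. I would at least say so above `for_each`, e.g. `# Keys not listed below are ignored; a misspelled key falls back to the literal default on that line.`, and consider a `validation` block on `var.items` that rejects unknown keys. The same applies to the `wrappers/cassandra/main.tf` and `wrappers/consul/main.tf` hunks.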
diff --git a/wrappers/carbon-relay-ng/outputs.tf b/wrappers/carbon-relay-ng/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/carbon-relay-ng/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/carbon-relay-ng/variables.tf b/wrappers/carbon-relay-ng/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/carbon-relay-ng/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/carbon-relay-ng/versions.tf b/wrappers/carbon-relay-ng/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/carbon-relay-ng/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/cassandra/README.md b/wrappers/cassandra/README.md
new file mode 100644
index 00000000..8edfb5b3
--- /dev/null
+++ b/wrappers/cassandra/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/cassandra` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/cassandra" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/cassandra?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/cassandra" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/cassandra/main.tf b/wrappers/cassandra/main.tf new file mode 100644 index 00000000..c7c2854d --- /dev/null +++ b/wrappers/cassandra/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/cassandra" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, 
["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = 
try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = 
try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) 
+ number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/cassandra/outputs.tf b/wrappers/cassandra/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/cassandra/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/cassandra/variables.tf b/wrappers/cassandra/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/cassandra/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/cassandra/versions.tf b/wrappers/cassandra/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/cassandra/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/consul/README.md b/wrappers/consul/README.md
new file mode 100644
index 00000000..dd8324ff
--- /dev/null
+++ b/wrappers/consul/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/consul` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/consul" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/consul?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/consul" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/consul/main.tf b/wrappers/consul/main.tf new file mode 100644 index 00000000..f094982f --- /dev/null +++ b/wrappers/consul/main.tf 
@@ -0,0 +1,79 @@
+module "wrapper" {
+ source = "../../modules/consul"
+
+ for_each = var.items
+
+ auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, [])
+ auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, [])
+ auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, [])
+ auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, [])
+ auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"])
+ auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, [])
+ auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["consul-tcp", "consul-grpc-tcp", "consul-grpc-tcp-tls", "consul-webui-http-tcp", "consul-webui-https-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"])
+ auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }])
+ auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0)
+ auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0)
+ auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0)
+ auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0)
+ computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"])
+ computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"])
+ computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, [])
+ computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, [])
+ computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, [])
+ computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, [])
+ computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, [])
+ computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, [])
+ computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, [])
+ computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, [])
+ computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, [])
+ computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, [])
+ computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, [])
+ computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, [])
+ computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, [])
+ computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, [])
+ computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, [])
+ computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, [])
+ create = try(each.value.create, var.defaults.create, true)
+ description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform")
+ egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"])
+ egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"])
+ egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, [])
+ egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, [])
+ egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, [])
+ egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, [])
+ egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, [])
+ egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, [])
+ egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, [])
+ ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, [])
+ ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, [])
+ ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, [])
+ ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, [])
+ ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, [])
+ ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, [])
+ ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, [])
+ ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, [])
+ ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, [])
+ name = try(each.value.name, var.defaults.name)
+ number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0)
+ number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0)
+ number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0)
+ number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0)
+ number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0)
+ number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0)
+ number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0)
+ number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0)
+ number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0)
+ number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0)
+ number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0)
+ number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0)
+ number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0)
+ number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0)
+ revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false)
+ tags = try(each.value.tags, var.defaults.tags, {})
+ use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true)
+ vpc_id = try(each.value.vpc_id, var.defaults.vpc_id)
+}
diff --git a/wrappers/consul/outputs.tf b/wrappers/consul/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/consul/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/consul/variables.tf b/wrappers/consul/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/consul/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/consul/versions.tf b/wrappers/consul/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/consul/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/dax-cluster/README.md b/wrappers/dax-cluster/README.md
new file mode 100644
index 00000000..a9207bde
--- /dev/null
+++ b/wrappers/dax-cluster/README.md
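Review bot: A misspelled or unsupported key inside an entry of `var.items` is ignored without any error in `wrappers/consul/main.tf`, because every argument is read as `try(each.value.NAME, var.defaults.NAME, FALLBACK)` and `variables.tf` types both `items` and `defaults` as `any`. The literals on the egress side are permissive (`auto_egress_rules` falls back to `["all-all"]`, `egress_cidr_blocks` and `computed_egress_cidr_blocks` to `["0.0.0.0/0"]`, the IPv6 variants to `["::/0"]`), so a typo in an intended egress restriction presumably yields unrestricted egress in the wrapped module, which is not visible here. I would document that above `for_each` with `# Keys in var.items / var.defaults that match no argument below are ignored; the literal fallback then applies (all-all egress to 0.0.0.0/0 and ::/0).` and have callers confirm each item's effective rules in the plan output. `wrappers/dax-cluster/main.tf` further down repeats the same pattern.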
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/dax-cluster`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/dax-cluster"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/dax-cluster?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/dax-cluster"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/dax-cluster/main.tf b/wrappers/dax-cluster/main.tf
new file mode 100644
index 00000000..9bec23c7
--- /dev/null
+++ b/wrappers/dax-cluster/main.tf
@@ -0,0 +1,79 @@
+module "wrapper" {
+ source = "../../modules/dax-cluster"
+
+ for_each = var.items
+
+ auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, [])
+ auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, [])
+ auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, [])
+ auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, [])
+ auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"])
+ auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, [])
+ auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["dax-cluster-unencrypted-tcp", "dax-cluster-encrypted-tcp"])
+ auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }])
+ auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0)
+ auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0)
+ auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0)
+ auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0)
+ computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"])
+ computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"])
+ computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, [])
+ computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, [])
+ computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, [])
+ computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, [])
+ computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, [])
+ computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, [])
+ computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, [])
+ computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, [])
+ computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, [])
+ computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, [])
+ computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, [])
+ computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, [])
+ computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, [])
+ computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, [])
+ computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, [])
+ computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, [])
+ create = try(each.value.create, var.defaults.create, true)
+ description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform")
+ egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"])
+ egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"])
+ egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, [])
+ egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, [])
+ egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, [])
+ egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, [])
+ egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, [])
+ egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, [])
+ egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, [])
+ ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, [])
+ ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, [])
+ ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, [])
+ ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, [])
+ ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, [])
+ ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, [])
+ ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, [])
+ ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, [])
+ ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, [])
+ name = try(each.value.name, var.defaults.name)
+ number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0)
+ number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0)
+ number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0)
+ number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0)
+ number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0)
+ number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0)
+ number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0)
+ number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0)
+ number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0)
+ number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0)
+ number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0)
+ number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0)
+ number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0)
+ number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0)
+ revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false)
+ tags = try(each.value.tags, var.defaults.tags, {})
+ use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true)
+ vpc_id = try(each.value.vpc_id, var.defaults.vpc_id)
+}
diff --git a/wrappers/dax-cluster/outputs.tf b/wrappers/dax-cluster/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/dax-cluster/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/dax-cluster/variables.tf b/wrappers/dax-cluster/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/dax-cluster/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/dax-cluster/versions.tf b/wrappers/dax-cluster/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/dax-cluster/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/docker-swarm/README.md b/wrappers/docker-swarm/README.md
new file mode 100644
index 00000000..b4b3a6e0
--- /dev/null
+++ b/wrappers/docker-swarm/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/docker-swarm`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/docker-swarm"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/docker-swarm?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/docker-swarm"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/docker-swarm/main.tf b/wrappers/docker-swarm/main.tf
new file mode 100644
index 00000000..0f867d10
--- /dev/null
+++ b/wrappers/docker-swarm/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/docker-swarm" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, 
var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + 
computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + 
ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, 
var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} 
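Review bot: A misspelled key in an `items` entry is silently skipped by the `try()` chain, and for the egress arguments the literal fallback is the widest one: `auto_egress_rules` falls back to `["all-all"]`, `egress_cidr_blocks` to `["0.0.0.0/0"]` and `egress_ipv6_cidr_blocks` to `["::/0"]`. Since `var.items` and `var.defaults` are declared `type = any` in this wrapper's variables.tf, nothing rejects an unknown key, so an egress restriction written with a typo plans without error and, judging by the argument names, leaves outbound traffic open. I would say so at the top of the module block, e.g. `# Unknown keys in var.items / var.defaults are ignored; unset egress arguments fall back to all-all towards 0.0.0.0/0 and ::/0.` The same applies to the `wrappers/elasticsearch/main.tf` and `wrappers/etcd/main.tf` hunks; the three files look generated, in which case the comment belongs in the template.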
diff --git a/wrappers/docker-swarm/outputs.tf b/wrappers/docker-swarm/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/docker-swarm/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/docker-swarm/variables.tf b/wrappers/docker-swarm/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/docker-swarm/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/docker-swarm/versions.tf b/wrappers/docker-swarm/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/docker-swarm/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/elasticsearch/README.md b/wrappers/elasticsearch/README.md
new file mode 100644
index 00000000..d1c1dccb
--- /dev/null
+++ b/wrappers/elasticsearch/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/elasticsearch` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/elasticsearch" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/elasticsearch?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/elasticsearch" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/elasticsearch/main.tf b/wrappers/elasticsearch/main.tf new file mode 100644 index 00000000..324df290 --- /dev/null +++ b/wrappers/elasticsearch/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/elasticsearch" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/elasticsearch/outputs.tf b/wrappers/elasticsearch/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/elasticsearch/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/elasticsearch/variables.tf b/wrappers/elasticsearch/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/elasticsearch/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/elasticsearch/versions.tf b/wrappers/elasticsearch/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/elasticsearch/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/etcd/README.md b/wrappers/etcd/README.md
new file mode 100644
index 00000000..a7d3590f
--- /dev/null
+++ b/wrappers/etcd/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/etcd` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/etcd" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/etcd?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/etcd" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/etcd/main.tf b/wrappers/etcd/main.tf new file mode 100644 index 00000000..ef6995fd --- /dev/null +++ b/wrappers/etcd/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/etcd" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["etcd-client-tcp", "etcd-peer-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/etcd/outputs.tf b/wrappers/etcd/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/etcd/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/etcd/variables.tf b/wrappers/etcd/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/etcd/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/etcd/versions.tf b/wrappers/etcd/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/etcd/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/grafana/README.md b/wrappers/grafana/README.md
new file mode 100644
index 00000000..fbbbdc93
--- /dev/null
+++ b/wrappers/grafana/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/grafana` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/grafana" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/grafana?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/grafana" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/grafana/main.tf b/wrappers/grafana/main.tf new file mode 100644 index 00000000..90732969 --- /dev/null +++ b/wrappers/grafana/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/grafana" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["grafana-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/grafana/outputs.tf b/wrappers/grafana/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/grafana/outputs.tf 
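Review bot: Every argument in the `module "wrapper"` block of wrappers/grafana/main.tf is read with `try(each.value.X, var.defaults.X, <literal>)`, so a misspelled key in an item is indistinguishable from an omitted one and the literal is applied with no plan-time error. For the egress arguments that literal is permissive (`auto_egress_rules` falls back to `["all-all"]`, `egress_cidr_blocks` to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]`), so an item that meant to narrow egress but mistyped the key keeps the open value; the `items` variable added in variables.tf is `type = any`, so nothing else rejects the unknown key. I would document this above the block, e.g. `# NOTE: keys not listed below are silently ignored; unset egress_* arguments fall back to all-all / 0.0.0.0/0 / ::/0, so check the plan output.`, and if these wrapper files are generated, put the comment in the generator template instead. The same `try(...)` pattern with the same egress literals is in the wrappers/graphite-statsd/main.tf hunk and in the visible tail of the wrappers/etcd/main.tf hunk.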
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/grafana/variables.tf b/wrappers/grafana/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/grafana/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/grafana/versions.tf b/wrappers/grafana/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/grafana/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/graphite-statsd/README.md b/wrappers/graphite-statsd/README.md
new file mode 100644
index 00000000..489a1bb1
--- /dev/null
+++ b/wrappers/graphite-statsd/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/graphite-statsd` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/graphite-statsd" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/graphite-statsd?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/graphite-statsd" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/graphite-statsd/main.tf b/wrappers/graphite-statsd/main.tf new file mode 100644 index 00000000..5a84f89e --- /dev/null +++ b/wrappers/graphite-statsd/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/graphite-statsd" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["graphite-webui", "graphite-2003-tcp", "graphite-2004-tcp", "graphite-2023-tcp", "graphite-2024-tcp", "graphite-8080-tcp", "graphite-8125-tcp", "graphite-8125-udp", "graphite-8126-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + 
computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = 
try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + 
ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = 
try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} 
diff --git a/wrappers/graphite-statsd/outputs.tf b/wrappers/graphite-statsd/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/graphite-statsd/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/graphite-statsd/variables.tf b/wrappers/graphite-statsd/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/graphite-statsd/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/graphite-statsd/versions.tf b/wrappers/graphite-statsd/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/graphite-statsd/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/http-80/README.md b/wrappers/http-80/README.md
new file mode 100644
index 00000000..bf497445
--- /dev/null
+++ b/wrappers/http-80/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/http-80` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/http-80" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/http-80?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/http-80" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/http-80/main.tf b/wrappers/http-80/main.tf new file mode 100644 index 00000000..fd4161d5 --- /dev/null +++ b/wrappers/http-80/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/http-80" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["http-80-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/http-80/outputs.tf b/wrappers/http-80/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/http-80/outputs.tf 
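Review bot: A misspelled or unsupported key in `items` or `defaults` is silently ignored by the `module "wrapper"` block in `wrappers/http-80/main.tf`, because every argument is read through `try(...)` with a literal fallback and both variables are declared `type = any`. For the egress arguments the fallback is the permissive value: `egress_cidr_blocks` falls back to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]` and `auto_egress_rules` to `["all-all"]`, so a typo in an intended restriction leaves egress open without any error. I would say so at the top of the block, for example `# Keys not listed below are ignored; a misspelled egress_cidr_blocks falls back to ["0.0.0.0/0"].`, so that callers check the planned rules for each item. The same applies to `wrappers/http-8080/main.tf` and `wrappers/https-443/main.tf` further down.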
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/http-80/variables.tf b/wrappers/http-80/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/http-80/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/http-80/versions.tf b/wrappers/http-80/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/http-80/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/http-8080/README.md b/wrappers/http-8080/README.md
new file mode 100644
index 00000000..e78611f1
--- /dev/null
+++ b/wrappers/http-8080/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/http-8080` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/http-8080" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/http-8080?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/http-8080" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/http-8080/main.tf b/wrappers/http-8080/main.tf new file mode 100644 index 00000000..c86eab72 --- /dev/null +++ b/wrappers/http-8080/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/http-8080" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["http-8080-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/http-8080/outputs.tf b/wrappers/http-8080/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/http-8080/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/http-8080/variables.tf b/wrappers/http-8080/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/http-8080/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/http-8080/versions.tf b/wrappers/http-8080/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/http-8080/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/https-443/README.md b/wrappers/https-443/README.md
new file mode 100644
index 00000000..99cd9573
--- /dev/null
+++ b/wrappers/https-443/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/https-443` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/https-443" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/https-443?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/https-443" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/https-443/main.tf b/wrappers/https-443/main.tf new file mode 100644 index 00000000..b8a4d6f2 --- /dev/null +++ b/wrappers/https-443/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/https-443" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["https-443-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/https-443/outputs.tf b/wrappers/https-443/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/https-443/outputs.tf 
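Review bot: A misspelled key in an `items` or `defaults` entry is silently ignored in this `module "wrapper"` block, because every argument is read as `try(each.value.<name>, var.defaults.<name>, <literal>)` and both variables are declared `type = any` in this wrapper's variables.tf, so Terraform raises no error for an unknown key. Where the literal fallback is permissive (`egress_cidr_blocks` falls back to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]`, `auto_egress_rules` to `["all-all"]`, `auto_ingress_with_self` to `[{ "rule" = "all-all" }]`), a typo in a restrictive override leaves the security group wider than the caller wrote. I would at least document this above `for_each`, e.g. `# Keys in var.items / var.defaults that match no argument below are ignored; the literal fallback on each line then applies.` The same applies to the main.tf hunks for wrappers/https-8443 and wrappers/ipsec-4500. These files look templated, so if they come from a generator the comment belongs in its template.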
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/https-443/variables.tf b/wrappers/https-443/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/https-443/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/https-443/versions.tf b/wrappers/https-443/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/https-443/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/https-8443/README.md b/wrappers/https-8443/README.md
new file mode 100644
index 00000000..12bd280a
--- /dev/null
+++ b/wrappers/https-8443/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/https-8443`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/https-8443"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/https-8443?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/https-8443"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/https-8443/main.tf b/wrappers/https-8443/main.tf
new file mode 100644
index 00000000..55ffa4f5
--- /dev/null
+++ b/wrappers/https-8443/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/https-8443" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["https-8443-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/https-8443/outputs.tf b/wrappers/https-8443/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/https-8443/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/https-8443/variables.tf b/wrappers/https-8443/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/https-8443/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/https-8443/versions.tf b/wrappers/https-8443/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/https-8443/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/ipsec-4500/README.md b/wrappers/ipsec-4500/README.md
new file mode 100644
index 00000000..b79037ac
--- /dev/null
+++ b/wrappers/ipsec-4500/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/ipsec-4500`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/ipsec-4500"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/ipsec-4500?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/ipsec-4500"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/ipsec-4500/main.tf b/wrappers/ipsec-4500/main.tf
new file mode 100644
index 00000000..884769c8
--- /dev/null
+++ b/wrappers/ipsec-4500/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/ipsec-4500" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["ipsec-4500-udp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/ipsec-4500/outputs.tf b/wrappers/ipsec-4500/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/ipsec-4500/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/ipsec-4500/variables.tf b/wrappers/ipsec-4500/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/ipsec-4500/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/ipsec-4500/versions.tf b/wrappers/ipsec-4500/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/ipsec-4500/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/ipsec-500/README.md b/wrappers/ipsec-500/README.md
new file mode 100644
index 00000000..6bdfbf0e
--- /dev/null
+++ b/wrappers/ipsec-500/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/ipsec-500` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/ipsec-500" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/ipsec-500?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/ipsec-500" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/ipsec-500/main.tf b/wrappers/ipsec-500/main.tf new file mode 100644 index 00000000..3ddecd6b --- /dev/null +++ b/wrappers/ipsec-500/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/ipsec-500" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["ipsec-500-udp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/ipsec-500/outputs.tf b/wrappers/ipsec-500/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/ipsec-500/outputs.tf 
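Review bot: Every argument in this `module "wrapper"` block is read through `try(each.value.X, var.defaults.X, <fallback>)`, so a key misspelled in `items` or `defaults` is not an error; it is dropped and the fallback applies. For a security group that matters because several fallbacks are permissive, e.g. `egress_cidr_blocks` falls back to `["0.0.0.0/0"]` and `auto_egress_rules` to `["all-all"]`, so an intended restriction can silently fail to take effect. `variables.tf` declares both inputs as `type = any` with no validation, so nothing else catches the typo. I would add a comment above `for_each`, `# NOTE: unknown keys in var.items / var.defaults are ignored silently; check the plan for unintended open rules`, and consider a `validation` block on `items` that rejects keys the module does not accept. The same pattern appears in `wrappers/kafka/main.tf` and the other wrapper `main.tf` files in this patch.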
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/ipsec-500/variables.tf b/wrappers/ipsec-500/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/ipsec-500/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/ipsec-500/versions.tf b/wrappers/ipsec-500/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/ipsec-500/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/kafka/README.md b/wrappers/kafka/README.md
new file mode 100644
index 00000000..1dc88b03
--- /dev/null
+++ b/wrappers/kafka/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/kafka` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/kafka" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/kafka?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/kafka" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/kafka/main.tf b/wrappers/kafka/main.tf new file mode 100644 index 00000000..d654f96d --- /dev/null +++ b/wrappers/kafka/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/kafka" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["kafka-broker-tcp", "kafka-broker-tls-tcp", "kafka-broker-tls-public-tcp", "kafka-broker-sasl-scram-tcp", "kafka-broker-sasl-scram-tcp", "kafka-broker-sasl-iam-tcp", "kafka-broker-sasl-iam-public-tcp", "kafka-jmx-exporter-tcp", "kafka-node-exporter-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, 
var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + 
computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, 
var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + 
number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = 
try(each.value.vpc_id, var.defaults.vpc_id)
+}
diff --git a/wrappers/kafka/outputs.tf b/wrappers/kafka/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/kafka/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/kafka/variables.tf b/wrappers/kafka/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/kafka/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/kafka/versions.tf b/wrappers/kafka/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/kafka/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/kibana/README.md b/wrappers/kibana/README.md
new file mode 100644
index 00000000..27fa0227
--- /dev/null
+++ b/wrappers/kibana/README.md
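Review bot: The `auto_ingress_rules` fallback list in `wrappers/kafka/main.tf` names `"kafka-broker-sasl-scram-tcp"` twice in a row. Going by the `tls`/`tls-public` and `sasl-iam`/`sasl-iam-public` pairs around it, the second entry was presumably meant to be the public SASL/SCRAM rule; if so, that port is missing from the default set and the duplicate adds nothing. Depending on how the module expands the list, the duplicate may also produce a duplicate-rule conflict. The value looks copied from the defaults of `modules/kafka`, which are outside this hunk, so the fix likely belongs there first and then here. Confirm the intended rule name against the module's rule map before changing it.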
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/kibana` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/kibana" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/kibana?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/kibana" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/kibana/main.tf b/wrappers/kibana/main.tf new file mode 100644 index 00000000..dd3dab8f --- /dev/null +++ b/wrappers/kibana/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/kibana" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["kibana-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/kibana/outputs.tf b/wrappers/kibana/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/kibana/outputs.tf 
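Review bot: A misspelled key in `items` or `defaults` is silently ignored by this `module "wrapper"` block, because every argument is read as `try(each.value.X, var.defaults.X, <fallback>)` and both variables are declared `type = any` in wrappers/kibana/variables.tf. The fallbacks on the egress side are the widest possible values (`auto_egress_rules` falls back to `["all-all"]`, `egress_cidr_blocks` to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]`), so a typo in an argument meant to restrict traffic presumably leaves the permissive default in place without any error. I would at least add a comment above `for_each`, such as `# Unknown keys in var.items / var.defaults are ignored; a misspelled argument falls back to the default on its line.`, and consider a `validation` block on `items` that rejects keys the module does not accept. The same pattern appears in wrappers/kubernetes-api/main.tf and in the kafka and ldap wrapper hunks that are only partly visible here.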
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/kibana/variables.tf b/wrappers/kibana/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/kibana/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/kibana/versions.tf b/wrappers/kibana/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/kibana/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/kubernetes-api/README.md b/wrappers/kubernetes-api/README.md
new file mode 100644
index 00000000..bf613a72
--- /dev/null
+++ b/wrappers/kubernetes-api/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/kubernetes-api` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/kubernetes-api" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/kubernetes-api?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/kubernetes-api" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/kubernetes-api/main.tf b/wrappers/kubernetes-api/main.tf new file mode 100644 index 00000000..eab20653 --- /dev/null +++ b/wrappers/kubernetes-api/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/kubernetes-api" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["kubernetes-api-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/kubernetes-api/outputs.tf b/wrappers/kubernetes-api/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/kubernetes-api/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/kubernetes-api/variables.tf b/wrappers/kubernetes-api/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/kubernetes-api/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/kubernetes-api/versions.tf b/wrappers/kubernetes-api/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/kubernetes-api/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/ldap/README.md b/wrappers/ldap/README.md
new file mode 100644
index 00000000..cf571a85
--- /dev/null
+++ b/wrappers/ldap/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/ldap` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/ldap" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/ldap?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/ldap" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/ldap/main.tf b/wrappers/ldap/main.tf new file mode 100644 index 00000000..6e239b82 --- /dev/null +++ b/wrappers/ldap/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/ldap" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["ldap-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/ldap/outputs.tf b/wrappers/ldap/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/ldap/outputs.tf 
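Review bot: Every argument in this block is read as `try(each.value.<key>, var.defaults.<key>, <fallback>)`, and the wrapper's `items` and `defaults` variables are declared `type = any`, so a misspelled or misplaced key in an item is not rejected at plan time and the fallback is used instead. Several fallbacks are permissive (`egress_cidr_blocks` falls back to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]`, `auto_egress_rules` to `["all-all"]`, `auto_ingress_with_self` to `[{ "rule" = "all-all" }]`), so a mistyped restriction leaves the security group wider than the caller intended without any error. I would document that above `for_each = var.items`, for example `# Keys not listed below are ignored; a misspelled key silently takes the fallback shown here, and the egress fallbacks allow all destinations.`, and repeat the caveat in the wrapper README. The same applies to the wrappers/ldaps and wrappers/logstash main.tf hunks; if these files are produced by a generator, the comment belongs in its template rather than in the output.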
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/ldap/variables.tf b/wrappers/ldap/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/ldap/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/ldap/versions.tf b/wrappers/ldap/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/ldap/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/ldaps/README.md b/wrappers/ldaps/README.md
new file mode 100644
index 00000000..40733627
--- /dev/null
+++ b/wrappers/ldaps/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/ldaps`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/ldaps"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/ldaps?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/ldaps"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/ldaps/main.tf b/wrappers/ldaps/main.tf
new file mode 100644
index 00000000..812457ba
--- /dev/null
+++ b/wrappers/ldaps/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/ldaps" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["ldaps-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/ldaps/outputs.tf b/wrappers/ldaps/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/ldaps/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/ldaps/variables.tf b/wrappers/ldaps/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/ldaps/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/ldaps/versions.tf b/wrappers/ldaps/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/ldaps/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/logstash/README.md b/wrappers/logstash/README.md
new file mode 100644
index 00000000..55f47cec
--- /dev/null
+++ b/wrappers/logstash/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/logstash`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/logstash"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/logstash?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/logstash"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/logstash/main.tf b/wrappers/logstash/main.tf
new file mode 100644
index 00000000..d3489369
--- /dev/null
+++ b/wrappers/logstash/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/logstash" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["logstash-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/logstash/outputs.tf b/wrappers/logstash/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/logstash/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/logstash/variables.tf b/wrappers/logstash/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/logstash/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/logstash/versions.tf b/wrappers/logstash/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/logstash/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/loki/README.md b/wrappers/loki/README.md
new file mode 100644
index 00000000..ae96802f
--- /dev/null
+++ b/wrappers/loki/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/loki`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/loki"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/loki?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/loki"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/loki/main.tf b/wrappers/loki/main.tf
new file mode 100644
index 00000000..85fcacea
--- /dev/null
+++ b/wrappers/loki/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/loki" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["loki-grafana", "loki-grafana-grpc"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/loki/outputs.tf b/wrappers/loki/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/loki/outputs.tf 
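Review bot: Every argument in this `module "wrapper"` block is resolved as `try(each.value.X, var.defaults.X, <literal>)` while `items` and `defaults` are declared `type = any`, so a misspelled key in an item is not rejected; the lookup fails quietly and the literal fallback is used. For the network arguments that fallback is the permissive one: `egress_cidr_blocks` falls back to `["0.0.0.0/0"]`, `auto_egress_rules` to `["all-all"]` and `auto_ingress_with_self` to `[{ "rule" = "all-all" }]`, so an intended restriction can be dropped without any error from Terraform. The same pattern appears in the logstash wrapper and in `wrappers/main.tf`, whose hunks are only partly visible here. I would at least say so in the `items` description in `variables.tf`, e.g. `description = "Maps of items to create a wrapper from. Values are passed through to the module; keys the wrapper does not list are ignored and the defaults apply."`, so callers know to check the planned rules.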
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/loki/variables.tf b/wrappers/loki/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/loki/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/loki/versions.tf b/wrappers/loki/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/loki/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/main.tf b/wrappers/main.tf
new file mode 100644
index 00000000..83712d17
--- /dev/null
+++ b/wrappers/main.tf
@@ -0,0 +1,562 @@ +module "wrapper" { + source = "../" + + for_each = var.items + + auto_groups = try(each.value.auto_groups, var.defaults.auto_groups, { + activemq = { + ingress_rules = ["activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + alertmanager = { + ingress_rules = ["alertmanager-9093-tcp", "alertmanager-9094-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + carbon-relay-ng = { + ingress_rules = ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + cassandra = { + ingress_rules = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + consul = { + ingress_rules = ["consul-tcp", "consul-grpc-tcp", "consul-grpc-tcp-tls", "consul-webui-http-tcp", "consul-webui-https-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + dax-cluster = { + ingress_rules = ["dax-cluster-unencrypted-tcp", "dax-cluster-encrypted-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + docker-swarm = { + ingress_rules = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + etcd = { + ingress_rules = ["etcd-client-tcp", "etcd-peer-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + elasticsearch = { + ingress_rules = ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + grafana = { + ingress_rules = ["grafana-tcp"] + ingress_with_self = ["all-all"] + 
egress_rules = ["all-all"] + } + graphite-statsd = { + ingress_rules = ["graphite-webui", "graphite-2003-tcp", "graphite-2004-tcp", "graphite-2023-tcp", "graphite-2024-tcp", "graphite-8080-tcp", "graphite-8125-tcp", "graphite-8125-udp", "graphite-8126-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + http-80 = { + ingress_rules = ["http-80-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + http-8080 = { + ingress_rules = ["http-8080-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + https-443 = { + ingress_rules = ["https-443-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + https-8443 = { + ingress_rules = ["https-8443-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + ipsec-500 = { + ingress_rules = ["ipsec-500-udp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + ipsec-4500 = { + ingress_rules = ["ipsec-4500-udp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + kafka = { + ingress_rules = ["kafka-broker-tcp", "kafka-broker-tls-tcp", "kafka-broker-tls-public-tcp", "kafka-broker-sasl-scram-tcp", "kafka-broker-sasl-scram-tcp", "kafka-broker-sasl-iam-tcp", "kafka-broker-sasl-iam-public-tcp", "kafka-jmx-exporter-tcp", "kafka-node-exporter-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + kubernetes-api = { + ingress_rules = ["kubernetes-api-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + kibana = { + ingress_rules = ["kibana-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + ldap = { + ingress_rules = ["ldap-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + ldaps = { + ingress_rules = ["ldaps-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + logstash = { + ingress_rules = ["logstash-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + loki = { + ingress_rules = 
["loki-grafana", "loki-grafana-grpc"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + memcached = { + ingress_rules = ["memcached-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + minio = { + ingress_rules = ["minio-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + mongodb = { + ingress_rules = ["mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + mysql = { + ingress_rules = ["mysql-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + mssql = { + ingress_rules = ["mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + nfs = { + ingress_rules = ["nfs-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + nomad = { + ingress_rules = ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + openvpn = { + ingress_rules = ["openvpn-udp", "openvpn-tcp", "openvpn-https-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + postgresql = { + ingress_rules = ["postgresql-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + oracle-db = { + ingress_rules = ["oracle-db-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + ntp = { + ingress_rules = ["ntp-udp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + puppet = { + ingress_rules = ["puppet-tcp", "puppetdb-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + prometheus = { + ingress_rules = ["prometheus-http-tcp", "prometheus-pushgateway-http-tcp", "prometheus-node-exporter-http-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + promtail = { + ingress_rules = ["promtail-http"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + 
rabbitmq = { + ingress_rules = ["rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + rdp = { + ingress_rules = ["rdp-tcp", "rdp-udp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + redis = { + ingress_rules = ["redis-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + redshift = { + ingress_rules = ["redshift-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + smtp = { + ingress_rules = ["smtp-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + smtp-submission = { + ingress_rules = ["smtp-submission-587-tcp", "smtp-submission-2587-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + smtps = { + ingress_rules = ["smtps-465-tcp", "smtps-2465-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + solr = { + ingress_rules = ["solr-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + splunk = { + ingress_rules = ["splunk-indexer-tcp", "splunk-web-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + squid = { + ingress_rules = ["squid-proxy-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + ssh = { + ingress_rules = ["ssh-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + storm = { + ingress_rules = ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + vault = { + ingress_rules = ["vault-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + wazuh = { + ingress_rules = ["wazuh-server-agent-connection-tcp", "wazuh-server-agent-connection-udp", "wazuh-server-agent-enrollment", "wazuh-server-agent-cluster-daemon", "wazuh-server-syslog-collector-tcp", "wazuh-server-syslog-collector-udp", 
"wazuh-server-restful-api", "wazuh-indexer-restful-api", "wazuh-dashboard", ] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + web = { + ingress_rules = ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + winrm = { + ingress_rules = ["winrm-http-tcp", "winrm-https-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + zabbix = { + ingress_rules = ["zabbix-server", "zabbix-proxy", "zabbix-agent"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + zipkin = { + ingress_rules = ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + zookeeper = { + ingress_rules = ["zookeeper-2181-tcp", "zookeeper-2182-tls-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } + }) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = 
try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + create_sg = try(each.value.create_sg, var.defaults.create_sg, true) + create_timeout = try(each.value.create_timeout, var.defaults.create_timeout, "10m") + delete_timeout = try(each.value.delete_timeout, var.defaults.delete_timeout, "15m") + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + 
egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name, null) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, 
var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + rules = try(each.value.rules, var.defaults.rules, { + + activemq-5671-tcp = [5671, 5671, "tcp", "ActiveMQ AMQP"] + activemq-8883-tcp = [8883, 8883, "tcp", "ActiveMQ MQTT"] + activemq-61614-tcp = [61614, 61614, "tcp", "ActiveMQ STOMP"] + activemq-61617-tcp = [61617, 61617, "tcp", "ActiveMQ OpenWire"] + activemq-61619-tcp = [61619, 61619, "tcp", "ActiveMQ WebSocket"] + + alertmanager-9093-tcp = [9093, 9093, "tcp", "Alert Manager"] + alertmanager-9094-tcp = [9094, 9094, "tcp", "Alert Manager Cluster"] + + 
carbon-line-in-tcp = [2003, 2003, "tcp", "Carbon line-in"] + carbon-line-in-udp = [2003, 2003, "udp", "Carbon line-in"] + carbon-pickle-tcp = [2013, 2013, "tcp", "Carbon pickle"] + carbon-pickle-udp = [2013, 2013, "udp", "Carbon pickle"] + carbon-admin-tcp = [2004, 2004, "tcp", "Carbon admin"] + carbon-gui-udp = [8081, 8081, "tcp", "Carbon GUI"] + + cassandra-clients-tcp = [9042, 9042, "tcp", "Cassandra clients"] + cassandra-thrift-clients-tcp = [9160, 9160, "tcp", "Cassandra Thrift clients"] + cassandra-jmx-tcp = [7199, 7199, "tcp", "JMX"] + + consul-tcp = [8300, 8300, "tcp", "Consul server"] + consul-grpc-tcp = [8502, 8502, "tcp", "Consul gRPC"] + consul-grpc-tcp-tls = [8503, 8503, "tcp", "Consul gRPC TLS"] + consul-webui-http-tcp = [8500, 8500, "tcp", "Consul web UI HTTP"] + consul-webui-https-tcp = [8501, 8501, "tcp", "Consul web UI HTTPS"] + consul-dns-tcp = [8600, 8600, "tcp", "Consul DNS"] + consul-dns-udp = [8600, 8600, "udp", "Consul DNS"] + consul-serf-lan-tcp = [8301, 8301, "tcp", "Serf LAN"] + consul-serf-lan-udp = [8301, 8301, "udp", "Serf LAN"] + consul-serf-wan-tcp = [8302, 8302, "tcp", "Serf WAN"] + consul-serf-wan-udp = [8302, 8302, "udp", "Serf WAN"] + + dax-cluster-unencrypted-tcp = [8111, 8111, "tcp", "DAX Cluster unencrypted"] + dax-cluster-encrypted-tcp = [9111, 9111, "tcp", "DAX Cluster encrypted"] + + docker-swarm-mngmt-tcp = [2377, 2377, "tcp", "Docker Swarm cluster management"] + docker-swarm-node-tcp = [7946, 7946, "tcp", "Docker Swarm node"] + docker-swarm-node-udp = [7946, 7946, "udp", "Docker Swarm node"] + docker-swarm-overlay-udp = [4789, 4789, "udp", "Docker Swarm Overlay Network Traffic"] + + dns-udp = [53, 53, "udp", "DNS"] + dns-tcp = [53, 53, "tcp", "DNS"] + + etcd-client-tcp = [2379, 2379, "tcp", "Etcd Client"] + etcd-peer-tcp = [2380, 2380, "tcp", "Etcd Peer"] + + ntp-udp = [123, 123, "udp", "NTP"] + + elasticsearch-rest-tcp = [9200, 9200, "tcp", "Elasticsearch REST interface"] + elasticsearch-java-tcp = [9300, 9300, "tcp", 
"Elasticsearch Java interface"] + + grafana-tcp = [3000, 3000, "tcp", "Grafana Dashboard"] + + graphite-webui = [80, 80, "tcp", "Graphite admin interface"] + graphite-2003-tcp = [2003, 2003, "tcp", "Carbon receiver plain text"] + graphite-2004-tcp = [2004, 2004, "tcp", "Carbon receiver pickle"] + graphite-2023-tcp = [2023, 2023, "tcp", "Carbon aggregator plaintext"] + graphite-2024-tcp = [2024, 2024, "tcp", "Carbon aggregator pickle"] + graphite-8080-tcp = [8080, 8080, "tcp", "Graphite gunicorn port"] + graphite-8125-tcp = [8125, 8125, "tcp", "Statsd TCP"] + graphite-8125-udp = [8125, 8125, "udp", "Statsd UDP default"] + graphite-8126-tcp = [8126, 8126, "tcp", "Statsd admin"] + + http-80-tcp = [80, 80, "tcp", "HTTP"] + http-8080-tcp = [8080, 8080, "tcp", "HTTP"] + + https-443-tcp = [443, 443, "tcp", "HTTPS"] + https-8443-tcp = [8443, 8443, "tcp", "HTTPS"] + + ipsec-500-udp = [500, 500, "udp", "IPSEC ISAKMP"] + ipsec-4500-udp = [4500, 4500, "udp", "IPSEC NAT-T"] + + kafka-broker-tcp = [9092, 9092, "tcp", "Kafka PLAINTEXT enable broker 0.8.2+"] + kafka-broker-tls-tcp = [9094, 9094, "tcp", "Kafka TLS enabled broker 0.8.2+"] + kafka-broker-tls-public-tcp = [9194, 9194, "tcp", "Kafka TLS Public enabled broker 0.8.2+ (MSK specific)"] + kafka-broker-sasl-scram-tcp = [9096, 9096, "tcp", "Kafka SASL/SCRAM enabled broker (MSK specific)"] + kafka-broker-sasl-scram-public-tcp = [9196, 9196, "tcp", "Kafka SASL/SCRAM Public enabled broker (MSK specific)"] + kafka-broker-sasl-iam-tcp = [9098, 9098, "tcp", "Kafka SASL/IAM access control enabled (MSK specific)"] + kafka-broker-sasl-iam-public-tcp = [9198, 9198, "tcp", "Kafka SASL/IAM Public access control enabled (MSK specific)"] + kafka-jmx-exporter-tcp = [11001, 11001, "tcp", "Kafka JMX Exporter"] + kafka-node-exporter-tcp = [11002, 11002, "tcp", "Kafka Node Exporter"] + + kibana-tcp = [5601, 5601, "tcp", "Kibana Web Interface"] + + kubernetes-api-tcp = [6443, 6443, "tcp", "Kubernetes API Server"] + + ldap-tcp = [389, 389, "tcp", 
"LDAP"] + + ldaps-tcp = [636, 636, "tcp", "LDAPS"] + + logstash-tcp = [5044, 5044, "tcp", "Logstash"] + + loki-grafana = [3100, 3100, "tcp", "Grafana Loki endpoint"] + loki-grafana-grpc = [9095, 9095, "tcp", "Grafana Loki GRPC"] + + memcached-tcp = [11211, 11211, "tcp", "Memcached"] + + minio-tcp = [9000, 9000, "tcp", "MinIO"] + + mongodb-27017-tcp = [27017, 27017, "tcp", "MongoDB"] + mongodb-27018-tcp = [27018, 27018, "tcp", "MongoDB shard"] + mongodb-27019-tcp = [27019, 27019, "tcp", "MongoDB config server"] + + mysql-tcp = [3306, 3306, "tcp", "MySQL/Aurora"] + + mssql-tcp = [1433, 1433, "tcp", "MSSQL Server"] + mssql-udp = [1434, 1434, "udp", "MSSQL Browser"] + mssql-analytics-tcp = [2383, 2383, "tcp", "MSSQL Analytics"] + mssql-broker-tcp = [4022, 4022, "tcp", "MSSQL Broker"] + + nfs-tcp = [2049, 2049, "tcp", "NFS/EFS"] + + nomad-http-tcp = [4646, 4646, "tcp", "Nomad HTTP"] + nomad-rpc-tcp = [4647, 4647, "tcp", "Nomad RPC"] + nomad-serf-tcp = [4648, 4648, "tcp", "Serf"] + nomad-serf-udp = [4648, 4648, "udp", "Serf"] + + openvpn-udp = [1194, 1194, "udp", "OpenVPN"] + openvpn-tcp = [943, 943, "tcp", "OpenVPN"] + openvpn-https-tcp = [443, 443, "tcp", "OpenVPN"] + + postgresql-tcp = [5432, 5432, "tcp", "PostgreSQL"] + + puppet-tcp = [8140, 8140, "tcp", "Puppet"] + puppetdb-tcp = [8081, 8081, "tcp", "PuppetDB"] + + prometheus-http-tcp = [9090, 9090, "tcp", "Prometheus"] + prometheus-pushgateway-http-tcp = [9091, 9091, "tcp", "Prometheus Pushgateway"] + prometheus-node-exporter-http-tcp = [9100, 9100, "tcp", "Prometheus Node Exporter"] + + promtail-http = [9080, 9080, "tcp", "Promtail endpoint"] + + oracle-db-tcp = [1521, 1521, "tcp", "Oracle"] + + octopus-tentacle-tcp = [10933, 10933, "tcp", "Octopus Tentacle"] + + rabbitmq-4369-tcp = [4369, 4369, "tcp", "RabbitMQ epmd"] + rabbitmq-5671-tcp = [5671, 5671, "tcp", "RabbitMQ"] + rabbitmq-5672-tcp = [5672, 5672, "tcp", "RabbitMQ"] + rabbitmq-15672-tcp = [15672, 15672, "tcp", "RabbitMQ"] + rabbitmq-25672-tcp = [25672, 
25672, "tcp", "RabbitMQ"] + + rdp-tcp = [3389, 3389, "tcp", "Remote Desktop"] + rdp-udp = [3389, 3389, "udp", "Remote Desktop"] + + redis-tcp = [6379, 6379, "tcp", "Redis"] + + redshift-tcp = [5439, 5439, "tcp", "Redshift"] + + saltstack-tcp = [4505, 4506, "tcp", "SaltStack"] + + smtp-tcp = [25, 25, "tcp", "SMTP"] + smtp-submission-587-tcp = [587, 587, "tcp", "SMTP Submission"] + smtp-submission-2587-tcp = [2587, 2587, "tcp", "SMTP Submission"] + smtps-465-tcp = [465, 465, "tcp", "SMTPS"] + smtps-2456-tcp = [2465, 2465, "tcp", "SMTPS"] + + solr-tcp = [8983, 8987, "tcp", "Solr"] + + splunk-indexer-tcp = [9997, 9997, "tcp", "Splunk indexer"] + splunk-web-tcp = [8000, 8000, "tcp", "Splunk Web"] + splunk-splunkd-tcp = [8089, 8089, "tcp", "Splunkd"] + splunk-hec-tcp = [8088, 8088, "tcp", "Splunk HEC"] + + squid-proxy-tcp = [3128, 3128, "tcp", "Squid default proxy"] + + ssh-tcp = [22, 22, "tcp", "SSH"] + + storm-nimbus-tcp = [6627, 6627, "tcp", "Nimbus"] + storm-ui-tcp = [8080, 8080, "tcp", "Storm UI"] + storm-supervisor-tcp = [6700, 6703, "tcp", "Supervisor"] + + vault-tcp = [8200, 8200, "tcp", "Vault"] + + wazuh-server-agent-connection-tcp = [1514, 1514, "tcp", "Agent connection service(TCP)"] + wazuh-server-agent-connection-udp = [1514, 1514, "udp", "Agent connection service(UDP)"] + wazuh-server-agent-enrollment = [1515, 1515, "tcp", "Agent enrollment service"] + wazuh-server-agent-cluster-daemon = [1516, 1516, "tcp", "Wazuh cluster daemon"] + wazuh-server-syslog-collector-tcp = [514, 514, "tcp", "Wazuh Syslog collector(TCP)"] + wazuh-server-syslog-collector-udp = [514, 514, "udp", "Wazuh Syslog collector(UDP)"] + wazuh-server-restful-api = [55000, 55000, "tcp", "Wazuh server RESTful API"] + wazuh-indexer-restful-api = [9200, 9200, "tcp", "Wazuh indexer RESTful API"] + wazuh-dashboard = [443, 443, "tcp", "Wazuh web user interface"] + + web-jmx-tcp = [1099, 1099, "tcp", "JMX"] + + winrm-http-tcp = [5985, 5985, "tcp", "WinRM HTTP"] + winrm-https-tcp = [5986, 5986, 
"tcp", "WinRM HTTPS"] + + zabbix-server = [10051, 10051, "tcp", "Zabbix Server"] + zabbix-proxy = [10051, 10051, "tcp", "Zabbix Proxy"] + zabbix-agent = [10050, 10050, "tcp", "Zabbix Agent"] + + zipkin-admin-tcp = [9990, 9990, "tcp", "Zipkin Admin port collector"] + zipkin-admin-query-tcp = [9901, 9901, "tcp", "Zipkin Admin port query"] + zipkin-admin-web-tcp = [9991, 9991, "tcp", "Zipkin Admin port web"] + zipkin-query-tcp = [9411, 9411, "tcp", "Zipkin query port"] + zipkin-web-tcp = [8080, 8080, "tcp", "Zipkin web port"] + + zookeeper-2181-tcp = [2181, 2181, "tcp", "Zookeeper"] + zookeeper-2182-tls-tcp = [2182, 2182, "tcp", "Zookeeper TLS (MSK specific)"] + zookeeper-2888-tcp = [2888, 2888, "tcp", "Zookeeper"] + zookeeper-3888-tcp = [3888, 3888, "tcp", "Zookeeper"] + zookeeper-jmx-tcp = [7199, 7199, "tcp", "JMX"] + + all-all = [-1, -1, "-1", "All protocols"] + all-tcp = [0, 65535, "tcp", "All TCP ports"] + all-udp = [0, 65535, "udp", "All UDP ports"] + all-icmp = [-1, -1, "icmp", "All IPV4 ICMP"] + all-ipv6-icmp = [-1, -1, 58, "All IPV6 ICMP"] + + _ = ["", "", ""] + }) + security_group_id = try(each.value.security_group_id, var.defaults.security_group_id, null) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id, null) +} diff --git a/wrappers/memcached/README.md b/wrappers/memcached/README.md new file mode 100644 index 00000000..5e78d049 --- /dev/null +++ b/wrappers/memcached/README.md 
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/memcached`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/memcached"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/memcached?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/memcached"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/memcached/main.tf b/wrappers/memcached/main.tf
new file mode 100644
index 00000000..b184df6e
--- /dev/null
+++ b/wrappers/memcached/main.tf
@@ -0,0 +1,79 @@
+module "wrapper" {
+ source = "../../modules/memcached"
+
+ for_each = var.items
+
+ auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, [])
+ auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, [])
+ auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, [])
+ auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, [])
+ auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"])
+ auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, [])
+ auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["memcached-tcp"])
+ auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }])
+ auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0)
+ auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0)
+ auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0)
+ auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0)
+ computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"])
+ computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"])
+ computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, [])
+ computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, [])
+ computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, [])
+ computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, [])
+ computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, [])
+ computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, [])
+ computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, [])
+ computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, [])
+ computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, [])
+ computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, [])
+ computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, [])
+ computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, [])
+ computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, [])
+ computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, [])
+ computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, [])
+ computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, [])
+ create = try(each.value.create, var.defaults.create, true)
+ description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform")
+ egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"])
+ egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"])
+ egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, [])
+ egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, [])
+ egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, [])
+ egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, [])
+ egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, [])
+ egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, [])
+ egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, [])
+ ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, [])
+ ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, [])
+ ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, [])
+ ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, [])
+ ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, [])
+ ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, [])
+ ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, [])
+ ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, [])
+ ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, [])
+ name = try(each.value.name, var.defaults.name)
+ number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0)
+ number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0)
+ number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0)
+ number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0)
+ number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0)
+ number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0)
+ number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0)
+ number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0)
+ number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0)
+ number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0)
+ number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0)
+ number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0)
+ number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0)
+ number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0)
+ revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false)
+ tags = try(each.value.tags, var.defaults.tags, {})
+ use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true)
+ vpc_id = try(each.value.vpc_id, var.defaults.vpc_id)
+}
diff --git a/wrappers/memcached/outputs.tf b/wrappers/memcached/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/memcached/outputs.tf
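Review bot: A misspelled key in an item or in `defaults` is silently ignored by this `module "wrapper"` block, because every argument resolves through `try(each.value.X, var.defaults.X, <literal>)` and the `variables.tf` hunk below types both `items` and `defaults` as `any`; a key such as `egress_cidr_block` (constructed example) is never read and never rejected. The literal fallbacks on the egress side are permissive: `auto_egress_rules` falls back to `["all-all"]`, `egress_cidr_blocks` to `["0.0.0.0/0"]` and `egress_ipv6_cidr_blocks` to `["::/0"]`, which presumably combine in the module into unrestricted outbound traffic, so a typo in an intended restriction produces the open rule without any error. I would state this above the block, for example `# Keys not listed below are ignored; unset arguments fall back to these literals (egress: all protocols to 0.0.0.0/0 and ::/0).`, and repeat it in the wrapper README next to the `defaults` example. The `wrappers/minio/main.tf` hunk further down has the same fallbacks and needs the same comment.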
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/memcached/variables.tf b/wrappers/memcached/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/memcached/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/memcached/versions.tf b/wrappers/memcached/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/memcached/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/minio/README.md b/wrappers/minio/README.md
new file mode 100644
index 00000000..f1bd88f0
--- /dev/null
+++ b/wrappers/minio/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/minio`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/minio"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/minio?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/minio"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/minio/main.tf b/wrappers/minio/main.tf
new file mode 100644
index 00000000..3941aa13
--- /dev/null
+++ b/wrappers/minio/main.tf
@@ -0,0 +1,79 @@
+module "wrapper" {
+ source = "../../modules/minio"
+
+ for_each = var.items
+
+ auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, [])
+ auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, [])
+ auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, [])
+ auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, [])
+ auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"])
+ auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, [])
+ auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["minio-tcp"])
+ auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }])
+ auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0)
+ auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0)
+ auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0)
+ auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0)
+ computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"])
+ computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"])
+ computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, [])
+ computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, [])
+ computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, [])
+ computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, [])
+ computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, [])
+ computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, [])
+ computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, [])
+ computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, [])
+ computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, [])
+ computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, [])
+ computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, [])
+ computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, [])
+ computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, [])
+ computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, [])
+ computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, [])
+ computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, [])
+ create = try(each.value.create, var.defaults.create, true)
+ description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform")
+ egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"])
+ egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"])
+ egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, [])
+ egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, [])
+ egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, [])
+ egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, [])
+ egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, [])
+ egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, [])
+ egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, [])
+ ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, [])
+ ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, [])
+ ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, [])
+ ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, [])
+ ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, [])
+ ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, [])
+ ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, [])
+ ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, [])
+ ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, [])
+ name = try(each.value.name, var.defaults.name)
+ number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0)
+ number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0)
+ number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0)
+ number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0)
+ number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0)
+ number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0)
+ number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0)
+ number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0)
+ number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0)
+ number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0)
+ number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0)
+ number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0)
+ number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0)
+ number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0)
+ number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0)
+ revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false)
+ tags = try(each.value.tags, var.defaults.tags, {})
+ use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true)
+ vpc_id = try(each.value.vpc_id, var.defaults.vpc_id)
+}
diff --git a/wrappers/minio/outputs.tf b/wrappers/minio/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/minio/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/minio/variables.tf b/wrappers/minio/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/minio/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/minio/versions.tf b/wrappers/minio/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/minio/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/mongodb/README.md b/wrappers/mongodb/README.md
new file mode 100644
index 00000000..f6707c24
--- /dev/null
+++ b/wrappers/mongodb/README.md
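Review bot: In wrappers/minio/variables.tf, `items` and `defaults` are declared `type = any` with no `validation` block, and the main.tf hunk just above reads every argument through `try(each.value.<name>, var.defaults.<name>, <literal>)`, so a misspelled key in an item is dropped without an error and the literal fallback is applied instead. For a security group that means a value the caller meant to restrict can fall back to something like `egress_cidr_blocks = ["0.0.0.0/0"]` without any plan-time signal. I would at least state this in the description, e.g. `description = "Maps of items to create a wrapper from. Values are passed through to the module; keys that are not module arguments are ignored without error."` The same declaration is added in wrappers/mongodb/variables.tf and wrappers/mssql/variables.tf.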
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/mongodb`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/mongodb"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/mongodb?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/mongodb"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/mongodb/main.tf b/wrappers/mongodb/main.tf
new file mode 100644
index 00000000..eca4acb6
--- /dev/null
+++ b/wrappers/mongodb/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/mongodb" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/mongodb/outputs.tf b/wrappers/mongodb/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/mongodb/outputs.tf 
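Review bot: The last-resort literals in the wrappers/mongodb/main.tf module block are the permissive ones and nothing in the file says so: `auto_ingress_with_self` falls back to `[{ "rule" = "all-all" }]`, `auto_egress_rules` to `["all-all"]`, and `egress_cidr_blocks` / `egress_ipv6_cidr_blocks` to `["0.0.0.0/0"]` / `["::/0"]`. An item that sets none of these, with nothing in `var.defaults` either, therefore ends up with unrestricted egress and, going by the argument name, all traffic allowed between members of the group. The literals are presumably copies of the defaults in modules/mongodb, which this hunk does not show, and a copy will not follow the module if those defaults are tightened later. I would add a comment above the block such as `# Fallback literals duplicate the module defaults (open egress, all-all from self); set them in var.defaults to restrict.` wrappers/mssql/main.tf repeats the same literals.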
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/mongodb/variables.tf b/wrappers/mongodb/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/mongodb/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/mongodb/versions.tf b/wrappers/mongodb/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/mongodb/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/mssql/README.md b/wrappers/mssql/README.md
new file mode 100644
index 00000000..afff182e
--- /dev/null
+++ b/wrappers/mssql/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/mssql`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/mssql"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/mssql?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/mssql"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/mssql/main.tf b/wrappers/mssql/main.tf
new file mode 100644
index 00000000..2d2fdd7d
--- /dev/null
+++ b/wrappers/mssql/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/mssql" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/mssql/outputs.tf b/wrappers/mssql/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/mssql/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/mssql/variables.tf b/wrappers/mssql/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/mssql/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/mssql/versions.tf b/wrappers/mssql/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/mssql/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/mysql/README.md b/wrappers/mysql/README.md
new file mode 100644
index 00000000..eb963419
--- /dev/null
+++ b/wrappers/mysql/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/mysql` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/mysql" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/mysql?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/mysql" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/mysql/main.tf b/wrappers/mysql/main.tf new file mode 100644 index 00000000..6468a277 --- /dev/null +++ b/wrappers/mysql/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/mysql" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["mysql-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/mysql/outputs.tf b/wrappers/mysql/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/mysql/outputs.tf 
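Review bot: A misspelled or unsupported key in an item is silently ignored by the `try(each.value.X, var.defaults.X, <fallback>)` lines of `wrappers/mysql/main.tf`, because `items` and `defaults` are declared `type = any` in the wrapper's `variables.tf`, so the literal fallback applies with no plan-time error. For a security group that fails open: the fallbacks here include `egress_cidr_blocks = ["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks = ["::/0"]`, `auto_egress_rules = ["all-all"]` and `auto_ingress_with_self = [{ "rule" = "all-all" }]`. The same pattern is in the `wrappers/nfs/main.tf` hunk and at the start of `wrappers/nomad/main.tf`. I would at least add a comment above the module block, `# Keys not listed below are ignored; a typo in an item leaves the permissive fallback (e.g. egress to 0.0.0.0/0) in place.`, and consider a `validation` block on `variable "items"` that rejects unknown keys. These files look like generator output, so the change probably belongs in the template rather than in each wrapper.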
@@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/mysql/variables.tf b/wrappers/mysql/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/mysql/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/mysql/versions.tf b/wrappers/mysql/versions.tf new file mode 100644 index 00000000..c4f23b0b --- /dev/null +++ b/wrappers/mysql/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.29" + } + } +} diff --git a/wrappers/nfs/README.md b/wrappers/nfs/README.md new file mode 100644 index 00000000..9e794279 --- /dev/null +++ b/wrappers/nfs/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/nfs` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/nfs" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/nfs?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/nfs" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/nfs/main.tf b/wrappers/nfs/main.tf new file mode 100644 index 00000000..598d3e91 --- /dev/null +++ b/wrappers/nfs/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/nfs" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["nfs-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/nfs/outputs.tf b/wrappers/nfs/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/nfs/outputs.tf 
@@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/nfs/variables.tf b/wrappers/nfs/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/nfs/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/nfs/versions.tf b/wrappers/nfs/versions.tf new file mode 100644 index 00000000..c4f23b0b --- /dev/null +++ b/wrappers/nfs/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.29" + } + } +} diff --git a/wrappers/nomad/README.md b/wrappers/nomad/README.md new file mode 100644 index 00000000..9561dd83 --- /dev/null +++ b/wrappers/nomad/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/nomad` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/nomad" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/nomad?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/nomad" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/nomad/main.tf b/wrappers/nomad/main.tf new file mode 100644 index 00000000..44a6177d --- /dev/null +++ b/wrappers/nomad/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/nomad" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) 
+ computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/nomad/outputs.tf b/wrappers/nomad/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/nomad/outputs.tf 
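Review bot: A misspelled or unsupported key in an item is silently ignored in this module block, because every argument is read as `try(each.value.<name>, var.defaults.<name>, <literal>)` and `items`/`defaults` are declared `type = any` in this wrapper's variables.tf. For the egress arguments the fallback is permissive (`egress_cidr_blocks` falls back to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]`, `auto_egress_rules` to `["all-all"]`), so an item that meant to narrow egress but got the key wrong still plans without error and keeps open egress. I would at least state this above the module block, e.g. `# Unknown keys in var.items / var.defaults are ignored; egress then falls back to 0.0.0.0/0 and ::/0.`, and consider a `validation` block on `items` that rejects keys the module does not accept. The literal fallbacks also appear to restate the defaults of `../../modules/nomad`, which is not visible in this hunk, so they can drift if those defaults change. The same applies to the `wrappers/ntp/main.tf` and `wrappers/openvpn/main.tf` hunks further down.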
@@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/nomad/variables.tf b/wrappers/nomad/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/nomad/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/nomad/versions.tf b/wrappers/nomad/versions.tf new file mode 100644 index 00000000..c4f23b0b --- /dev/null +++ b/wrappers/nomad/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.29" + } + } +} diff --git a/wrappers/ntp/README.md b/wrappers/ntp/README.md new file mode 100644 index 00000000..baa0099e --- /dev/null +++ b/wrappers/ntp/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/ntp` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/ntp" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/ntp?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/ntp" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/ntp/main.tf b/wrappers/ntp/main.tf new file mode 100644 index 00000000..83ae8434 --- /dev/null +++ b/wrappers/ntp/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/ntp" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["ntp-udp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/ntp/outputs.tf b/wrappers/ntp/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/ntp/outputs.tf 
@@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/ntp/variables.tf b/wrappers/ntp/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/ntp/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/ntp/versions.tf b/wrappers/ntp/versions.tf new file mode 100644 index 00000000..c4f23b0b --- /dev/null +++ b/wrappers/ntp/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.29" + } + } +} diff --git a/wrappers/openvpn/README.md b/wrappers/openvpn/README.md new file mode 100644 index 00000000..ec932d97 --- /dev/null +++ b/wrappers/openvpn/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/openvpn` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/openvpn" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/openvpn?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/openvpn" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/openvpn/main.tf b/wrappers/openvpn/main.tf new file mode 100644 index 00000000..7e9e33b2 --- /dev/null +++ b/wrappers/openvpn/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/openvpn" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["openvpn-udp", "openvpn-tcp", "openvpn-https-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/openvpn/outputs.tf b/wrappers/openvpn/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/openvpn/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/openvpn/variables.tf b/wrappers/openvpn/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/openvpn/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/openvpn/versions.tf b/wrappers/openvpn/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/openvpn/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/oracle-db/README.md b/wrappers/oracle-db/README.md
new file mode 100644
index 00000000..aac1f55f
--- /dev/null
+++ b/wrappers/oracle-db/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/oracle-db` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/oracle-db" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/oracle-db?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/oracle-db" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/oracle-db/main.tf b/wrappers/oracle-db/main.tf new file mode 100644 index 00000000..87947bb5 --- /dev/null +++ b/wrappers/oracle-db/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/oracle-db" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["oracle-db-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/oracle-db/outputs.tf b/wrappers/oracle-db/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/oracle-db/outputs.tf 
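Review bot: A misspelled key in an item is never rejected in this `module "wrapper"` block: every argument is resolved as `try(each.value.X, var.defaults.X, <literal>)`, and the accompanying variables.tf declares both `items` and `defaults` as `type = any`, so the unknown attribute is simply ignored and the literal fallback is used. For a security group that matters because several fallbacks are the open ones: `egress_cidr_blocks` falls back to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]` and `auto_egress_rules` to `["all-all"]`. I would put a comment at the top of the block, `# Unknown keys in var.items / var.defaults are ignored; omitted keys take the literal fallback below (egress fallbacks are open).`, and state the same caveat in the wrapper README so users review the plan instead of assuming a restriction was applied. The postgresql wrapper's main.tf hunk further down has the same pattern.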
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/oracle-db/variables.tf b/wrappers/oracle-db/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/oracle-db/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/oracle-db/versions.tf b/wrappers/oracle-db/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/oracle-db/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/outputs.tf b/wrappers/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/postgresql/README.md b/wrappers/postgresql/README.md
new file mode 100644
index 00000000..12798731
--- /dev/null
+++ b/wrappers/postgresql/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/postgresql` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/postgresql" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/postgresql?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/postgresql" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/postgresql/main.tf b/wrappers/postgresql/main.tf new file mode 100644 index 00000000..8e7e4868 --- /dev/null +++ b/wrappers/postgresql/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/postgresql" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["postgresql-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/postgresql/outputs.tf b/wrappers/postgresql/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/postgresql/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/postgresql/variables.tf b/wrappers/postgresql/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/postgresql/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/postgresql/versions.tf b/wrappers/postgresql/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/postgresql/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/prometheus/README.md b/wrappers/prometheus/README.md
new file mode 100644
index 00000000..58ad4c62
--- /dev/null
+++ b/wrappers/prometheus/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/prometheus`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/prometheus"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/prometheus?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/prometheus"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/prometheus/main.tf b/wrappers/prometheus/main.tf
new file mode 100644
index 00000000..49cabf9d
--- /dev/null
+++ b/wrappers/prometheus/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/prometheus" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["prometheus-http-tcp", "prometheus-pushgateway-http-tcp", "prometheus-node-exporter-http-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, 
var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + 
computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + 
ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, 
var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} 
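Review bot: A key that is misspelled in `var.items` or `var.defaults` is never reported by this wrapper, because both variables are `type = any` and every argument is read through `try(each.value.X, var.defaults.X, <literal>)`, so the literal on that line is applied instead. For most ingress lists the literal is `[]`, but for `egress_cidr_blocks`, `egress_ipv6_cidr_blocks`, `auto_egress_rules` and `auto_ingress_with_self` it is `["0.0.0.0/0"]`, `["::/0"]`, `["all-all"]` and `[{ "rule" = "all-all" }]`, so a typo in a key meant to restrict those leaves the open value in place without any error. I would document that above `for_each`, for example `# Unknown keys in var.items / var.defaults are ignored; the literal fallback on each line then applies.`; the promtail and puppet wrappers later in this patch repeat the same pattern. These files look tool-generated, so the comment probably belongs in the generator template rather than in each copy.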
diff --git a/wrappers/prometheus/outputs.tf b/wrappers/prometheus/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/prometheus/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/prometheus/variables.tf b/wrappers/prometheus/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/prometheus/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/prometheus/versions.tf b/wrappers/prometheus/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/prometheus/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/promtail/README.md b/wrappers/promtail/README.md
new file mode 100644
index 00000000..8cc5b566
--- /dev/null
+++ b/wrappers/promtail/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/promtail`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/promtail"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/promtail?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/promtail"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/promtail/main.tf b/wrappers/promtail/main.tf
new file mode 100644
index 00000000..fee81db0
--- /dev/null
+++ b/wrappers/promtail/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/promtail" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["promtail-http"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/promtail/outputs.tf b/wrappers/promtail/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/promtail/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/promtail/variables.tf b/wrappers/promtail/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/promtail/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/promtail/versions.tf b/wrappers/promtail/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/promtail/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/puppet/README.md b/wrappers/puppet/README.md
new file mode 100644
index 00000000..16bb5974
--- /dev/null
+++ b/wrappers/puppet/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/puppet`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/puppet"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/puppet?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/puppet"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/puppet/main.tf b/wrappers/puppet/main.tf
new file mode 100644
index 00000000..e41800df
--- /dev/null
+++ b/wrappers/puppet/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/puppet" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["puppet-tcp", "puppetdb-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/puppet/outputs.tf b/wrappers/puppet/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/puppet/outputs.tf 
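Review bot: Every argument in this `module "wrapper"` block is read as `try(each.value.X, var.defaults.X, <fallback>)`, and `items` and `defaults` are declared `type = any` in `wrappers/puppet/variables.tf`, so a misspelled key in an item raises no error and the fallback is applied silently. For a security group this fails open on the egress side: an item with a mistyped `egress_cidr_blocks` or `auto_egress_rules` still gets the fallbacks `["all-all"]`, `["0.0.0.0/0"]` and `["::/0"]`. I would put a comment above `for_each`, e.g. `# NOTE: unknown keys in var.items / var.defaults are ignored; review the plan for unintended all-all egress`, and consider a `validation` block on `items` that rejects keys outside the argument list. The same pattern appears in the `wrappers/rabbitmq/main.tf` and `wrappers/rdp/main.tf` hunks.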
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/puppet/variables.tf b/wrappers/puppet/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/puppet/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/puppet/versions.tf b/wrappers/puppet/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/puppet/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/rabbitmq/README.md b/wrappers/rabbitmq/README.md
new file mode 100644
index 00000000..84cf6c99
--- /dev/null
+++ b/wrappers/rabbitmq/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/rabbitmq` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/rabbitmq" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/rabbitmq?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/rabbitmq" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/rabbitmq/main.tf b/wrappers/rabbitmq/main.tf new file mode 100644 index 00000000..8cd5e876 --- /dev/null +++ b/wrappers/rabbitmq/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/rabbitmq" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, 
var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + 
computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + 
ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, 
var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} 
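Review bot: The `auto_ingress_rules` fallback bundles the client listeners (`rabbitmq-5671-tcp`, `rabbitmq-5672-tcp`) with `rabbitmq-4369-tcp`, `rabbitmq-15672-tcp` and `rabbitmq-25672-tcp`, which by their port numbers are the peer-discovery, management and inter-node ports. Assuming the module applies this list to `ingress_cidr_blocks` (the module body is not part of this diff), any CIDR opened for AMQP clients also reaches the management and clustering ports. A comment beside the argument would make that visible, e.g. `# default also opens management (15672) and clustering (4369, 25672) to ingress_cidr_blocks; override auto_ingress_rules per item for client-only access`.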
diff --git a/wrappers/rabbitmq/outputs.tf b/wrappers/rabbitmq/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/rabbitmq/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/rabbitmq/variables.tf b/wrappers/rabbitmq/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/rabbitmq/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/rabbitmq/versions.tf b/wrappers/rabbitmq/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/rabbitmq/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/rdp/README.md b/wrappers/rdp/README.md
new file mode 100644
index 00000000..db850a05
--- /dev/null
+++ b/wrappers/rdp/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/rdp` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/rdp" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/rdp?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/rdp" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/rdp/main.tf b/wrappers/rdp/main.tf new file mode 100644 index 00000000..1e385c5d --- /dev/null +++ b/wrappers/rdp/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/rdp" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["rdp-tcp", "rdp-udp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/rdp/outputs.tf b/wrappers/rdp/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/rdp/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/rdp/variables.tf b/wrappers/rdp/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/rdp/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/rdp/versions.tf b/wrappers/rdp/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/rdp/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/redis/README.md b/wrappers/redis/README.md
new file mode 100644
index 00000000..0e195549
--- /dev/null
+++ b/wrappers/redis/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/redis` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/redis" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/redis?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/redis" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/redis/main.tf b/wrappers/redis/main.tf new file mode 100644 index 00000000..e1e3a0e5 --- /dev/null +++ b/wrappers/redis/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/redis" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["redis-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/redis/outputs.tf b/wrappers/redis/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/redis/outputs.tf 
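Review bot: A mistyped key in an item is silently dropped by the `try(each.value.X, var.defaults.X, <fallback>)` pattern used for every argument in `wrappers/redis/main.tf`, so the rules that get applied can be wider than the ones the caller wrote. A misspelled `egress_cidr_blocks`, for instance, falls back to `["0.0.0.0/0"]` (with `auto_egress_rules` defaulting to `["all-all"]`), and nothing fails at plan time because `items` and `defaults` are declared `type = any` in the wrapper's `variables.tf`. I would say so at the top of the module block, e.g. `# Keys not listed below are ignored; a misspelled key falls back to the default on that line.`, so that reviewers know to check plans for unexpected `0.0.0.0/0` or `::/0` rules. The same applies to `wrappers/redshift/main.tf` and to the `wrappers/rdp/main.tf` hunk, which starts outside this view. If these wrapper files are generated, the comment presumably belongs in the generator template rather than in each file.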
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/redis/variables.tf b/wrappers/redis/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/redis/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/redis/versions.tf b/wrappers/redis/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/redis/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/redshift/README.md b/wrappers/redshift/README.md
new file mode 100644
index 00000000..2e1666ff
--- /dev/null
+++ b/wrappers/redshift/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/redshift` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/redshift" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/redshift?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/redshift" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/redshift/main.tf b/wrappers/redshift/main.tf new file mode 100644 index 00000000..b871c6b6 --- /dev/null +++ b/wrappers/redshift/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/redshift" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["redshift-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/redshift/outputs.tf b/wrappers/redshift/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/redshift/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/redshift/variables.tf b/wrappers/redshift/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/redshift/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/redshift/versions.tf b/wrappers/redshift/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/redshift/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/smtp-submission/README.md b/wrappers/smtp-submission/README.md
new file mode 100644
index 00000000..57a3afc1
--- /dev/null
+++ b/wrappers/smtp-submission/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/smtp-submission` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/smtp-submission" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/smtp-submission?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/smtp-submission" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/smtp-submission/main.tf b/wrappers/smtp-submission/main.tf new file mode 100644 index 00000000..90ba7df5 --- /dev/null +++ b/wrappers/smtp-submission/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/smtp-submission" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["smtp-submission-587-tcp", "smtp-submission-2587-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/smtp-submission/outputs.tf b/wrappers/smtp-submission/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/smtp-submission/outputs.tf 
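Review bot: The third argument of each `try(...)` in wrappers/smtp-submission/main.tf hard-codes a fallback, and several of them are permissive: `auto_egress_rules` falls back to `["all-all"]`, `egress_cidr_blocks` to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]` and `auto_ingress_with_self` to `[{ "rule" = "all-all" }]`. These presumably mirror the defaults of `modules/smtp-submission`, which is not part of this hunk; if that module's defaults are tightened later, the wrapper keeps passing the old literals until it is updated as well. A comment above the module block would make that dependency visible, e.g. `# Fallback literals copy the defaults of ../../modules/smtp-submission; update them together.` The wrappers/smtp/main.tf hunk has the same pattern.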
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/smtp-submission/variables.tf b/wrappers/smtp-submission/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/smtp-submission/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/smtp-submission/versions.tf b/wrappers/smtp-submission/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/smtp-submission/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/smtp/README.md b/wrappers/smtp/README.md
new file mode 100644
index 00000000..236e26c6
--- /dev/null
+++ b/wrappers/smtp/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/smtp` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/smtp" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/smtp?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/smtp" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/smtp/main.tf b/wrappers/smtp/main.tf new file mode 100644 index 00000000..0a5a1d84 --- /dev/null +++ b/wrappers/smtp/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/smtp" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["smtp-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/smtp/outputs.tf b/wrappers/smtp/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/smtp/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/smtp/variables.tf b/wrappers/smtp/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/smtp/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/smtp/versions.tf b/wrappers/smtp/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/smtp/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/smtps/README.md b/wrappers/smtps/README.md
new file mode 100644
index 00000000..daa032f1
--- /dev/null
+++ b/wrappers/smtps/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/smtps` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/smtps" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/smtps?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/smtps" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/smtps/main.tf b/wrappers/smtps/main.tf new file mode 100644 index 00000000..08a13288 --- /dev/null +++ b/wrappers/smtps/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/smtps" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["smtps-465-tcp", "smtps-2465-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/smtps/outputs.tf b/wrappers/smtps/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/smtps/outputs.tf 
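Review bot: A misspelled or unsupported key inside an `items` entry is silently ignored by this `module "wrapper"` block, because every argument is read as `try(each.value.<key>, var.defaults.<key>, <fallback>)` and both `items` and `defaults` are declared `type = any` in `variables.tf`. For the egress arguments the fallback is allow-all (`auto_egress_rules` falls back to `["all-all"]`, `egress_cidr_blocks` to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]`) and `auto_ingress_with_self` falls back to `all-all`, so a typo in a restricting override leaves the permissive rule in place with no error, visible only in the plan output. I would document this at the top of the block, e.g. `# Keys not listed below are ignored; review the plan when overriding egress_* or auto_* defaults`, and repeat it in the `items` variable description. The `wrappers/solr/main.tf` hunk and the `wrappers/splunk/main.tf` hunk (which continues past the visible part) follow the same pattern.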
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/smtps/variables.tf b/wrappers/smtps/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/smtps/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/smtps/versions.tf b/wrappers/smtps/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/smtps/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/solr/README.md b/wrappers/solr/README.md
new file mode 100644
index 00000000..6b3c68d0
--- /dev/null
+++ b/wrappers/solr/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/solr`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/solr"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/solr?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/solr"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/solr/main.tf b/wrappers/solr/main.tf
new file mode 100644
index 00000000..444c0c6e
--- /dev/null
+++ b/wrappers/solr/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/solr" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["solr-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/solr/outputs.tf b/wrappers/solr/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/solr/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/solr/variables.tf b/wrappers/solr/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/solr/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/solr/versions.tf b/wrappers/solr/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/solr/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/splunk/README.md b/wrappers/splunk/README.md
new file mode 100644
index 00000000..37285de8
--- /dev/null
+++ b/wrappers/splunk/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/splunk`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/splunk"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/splunk?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/splunk"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/splunk/main.tf b/wrappers/splunk/main.tf
new file mode 100644
index 00000000..eb894958
--- /dev/null
+++ b/wrappers/splunk/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/splunk" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["splunk-indexer-tcp", "splunk-web-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, 
["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = 
try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = 
try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) 
+ number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/splunk/outputs.tf b/wrappers/splunk/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/splunk/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/splunk/variables.tf b/wrappers/splunk/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/splunk/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/splunk/versions.tf b/wrappers/splunk/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/splunk/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/squid/README.md b/wrappers/squid/README.md
new file mode 100644
index 00000000..3ba84b2e
--- /dev/null
+++ b/wrappers/squid/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/squid` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/squid" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/squid?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/squid" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/squid/main.tf b/wrappers/squid/main.tf new file mode 100644 index 00000000..71f444a8 --- /dev/null +++ b/wrappers/squid/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/squid" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["squid-proxy-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/squid/outputs.tf b/wrappers/squid/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/squid/outputs.tf 
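Review bot: In wrappers/squid/main.tf a misspelled or unsupported key in `items` or `defaults` is never reported, because every argument is read as `try(each.value.<key>, var.defaults.<key>, <literal>)` and both variables are declared `type = any`. For the egress arguments the literal fallbacks are `["0.0.0.0/0"]` and `["::/0"]` together with `auto_egress_rules = ["all-all"]`, so a typo in an intended restriction would presumably leave egress unrestricted with no plan-time error. I would document this above `for_each = var.items`, for example `# NOTE: unknown keys in var.items / var.defaults are ignored; the literal fallback then applies`, and say the same in the `items` variable description. The wrappers/ssh/main.tf hunk has the same pattern, and so does the visible tail of wrappers/splunk/main.tf, whose hunk starts before this excerpt.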
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/squid/variables.tf b/wrappers/squid/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/squid/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/squid/versions.tf b/wrappers/squid/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/squid/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/ssh/README.md b/wrappers/ssh/README.md
new file mode 100644
index 00000000..9bdb7fd4
--- /dev/null
+++ b/wrappers/ssh/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/ssh` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/ssh" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/ssh?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/ssh" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/ssh/main.tf b/wrappers/ssh/main.tf new file mode 100644 index 00000000..aeda2251 --- /dev/null +++ b/wrappers/ssh/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/ssh" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["ssh-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/ssh/outputs.tf b/wrappers/ssh/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/ssh/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/ssh/variables.tf b/wrappers/ssh/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/ssh/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/ssh/versions.tf b/wrappers/ssh/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/ssh/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/storm/README.md b/wrappers/storm/README.md
new file mode 100644
index 00000000..9bbfa586
--- /dev/null
+++ b/wrappers/storm/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/storm` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/storm" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/storm?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/storm" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/storm/main.tf b/wrappers/storm/main.tf new file mode 100644 index 00000000..bf49d857 --- /dev/null +++ b/wrappers/storm/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/storm" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/storm/outputs.tf b/wrappers/storm/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/storm/outputs.tf 
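Review bot: Every third argument to `try()` in wrappers/storm/main.tf is a hard-coded literal, including the open ones: `egress_cidr_blocks` falls back to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]`, `auto_egress_rules` to `["all-all"]` and `auto_ingress_with_self` to `[{ "rule" = "all-all" }]`. The defaults of `../../modules/storm` are not visible in this hunk, but if they are ever narrowed the wrapper will keep passing these literals and override the change for every item. I would add a comment above the first argument, `# Fallback literals must match the defaults of ../../modules/storm; egress fallbacks allow all destinations.`, and recommend that callers set the egress arguments explicitly in `defaults`. wrappers/vault/main.tf and wrappers/wazuh/main.tf repeat the same pattern.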
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/storm/variables.tf b/wrappers/storm/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/storm/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/storm/versions.tf b/wrappers/storm/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/storm/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/variables.tf b/wrappers/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/vault/README.md b/wrappers/vault/README.md
new file mode 100644
index 00000000..c3230587
--- /dev/null
+++ b/wrappers/vault/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/vault` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/vault" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/vault?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/vault" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/vault/main.tf b/wrappers/vault/main.tf new file mode 100644 index 00000000..35bbf6fa --- /dev/null +++ b/wrappers/vault/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/vault" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["vault-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = 
try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/vault/outputs.tf b/wrappers/vault/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/vault/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/vault/variables.tf b/wrappers/vault/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/vault/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/vault/versions.tf b/wrappers/vault/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/vault/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/wazuh/README.md b/wrappers/wazuh/README.md
new file mode 100644
index 00000000..de9751db
--- /dev/null
+++ b/wrappers/wazuh/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/wazuh` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/wazuh" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/wazuh?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/wazuh" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/wazuh/main.tf b/wrappers/wazuh/main.tf new file mode 100644 index 00000000..a9d76b0f --- /dev/null +++ b/wrappers/wazuh/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/wazuh" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["wazuh-server-agent-connection-tcp", "wazuh-server-agent-connection-udp", "wazuh-server-agent-enrollment", "wazuh-server-agent-cluster-daemon", "wazuh-server-syslog-collector-tcp", "wazuh-server-syslog-collector-udp", "wazuh-server-restful-api", "wazuh-indexer-restful-api", "wazuh-dashboard"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = 
try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, 
var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) 
+ ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, 
var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, 
var.defaults.use_name_prefix, true)
+ vpc_id = try(each.value.vpc_id, var.defaults.vpc_id)
+}
diff --git a/wrappers/wazuh/outputs.tf b/wrappers/wazuh/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/wazuh/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/wazuh/variables.tf b/wrappers/wazuh/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/wazuh/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/wazuh/versions.tf b/wrappers/wazuh/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/wazuh/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/web/README.md b/wrappers/web/README.md
new file mode 100644
index 00000000..bd9132bb
--- /dev/null
+++ b/wrappers/web/README.md
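Review bot: A misspelled or unsupported key in `var.items` or `var.defaults` is silently ignored by the `try(each.value.X, var.defaults.X, <fallback>)` chain used on every argument of `module "wrapper"`, and because both variables are declared `type = any` in `variables.tf` nothing rejects it. For a security-group wrapper that fails open in one case worth calling out: a caller who mistypes `auto_ingress_rules` while trying to narrow it keeps the built-in fallback of nine `wazuh-*` rules, with no plan-time error. I would document this at the top of the block, e.g. `# NOTE: keys not listed below are ignored; a misspelled override silently falls back to the default shown in try().`, and repeat it in the wrapper README. The same pattern is in `wrappers/web/main.tf` and `wrappers/winrm/main.tf`.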
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/web`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/web"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/web?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/web"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/web/main.tf b/wrappers/web/main.tf
new file mode 100644
index 00000000..7a3b94de
--- /dev/null
+++ b/wrappers/web/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/web" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/web/outputs.tf b/wrappers/web/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/web/outputs.tf 
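Review bot: The fallback for `auto_ingress_rules` bundles `web-jmx-tcp` with the three HTTP/HTTPS rules, so a caller who only supplies `ingress_cidr_blocks` for web traffic presumably admits JMX from the same sources (how the submodule combines the two lists is outside this hunk). JMX is a management interface and rarely shares an audience with ports 80, 8080 and 443. Since the wrapper mirrors the submodule default, I would at least flag it with a comment above that line, e.g. `# Default includes web-jmx-tcp (management interface); override auto_ingress_rules to drop it for internet-facing groups.`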
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/web/variables.tf b/wrappers/web/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/web/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/web/versions.tf b/wrappers/web/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/web/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/winrm/README.md b/wrappers/winrm/README.md
new file mode 100644
index 00000000..13f2d7e9
--- /dev/null
+++ b/wrappers/winrm/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/winrm`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/winrm"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/winrm?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/winrm"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/winrm/main.tf b/wrappers/winrm/main.tf
new file mode 100644
index 00000000..1ec169d3
--- /dev/null
+++ b/wrappers/winrm/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/winrm" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["winrm-http-tcp", "winrm-https-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids 
= try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/winrm/outputs.tf b/wrappers/winrm/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/winrm/outputs.tf 
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/winrm/variables.tf b/wrappers/winrm/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/winrm/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/winrm/versions.tf b/wrappers/winrm/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/winrm/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/zabbix/README.md b/wrappers/zabbix/README.md
new file mode 100644
index 00000000..873f673c
--- /dev/null
+++ b/wrappers/zabbix/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/zabbix` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/zabbix" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/zabbix?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/zabbix" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/zabbix/main.tf b/wrappers/zabbix/main.tf new file mode 100644 index 00000000..c16af085 --- /dev/null +++ b/wrappers/zabbix/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/zabbix" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["zabbix-server", "zabbix-proxy", "zabbix-agent"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + 
computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + computed_ingress_with_self = try(each.value.computed_ingress_with_self, 
var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, 
var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = 
try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} diff --git a/wrappers/zabbix/outputs.tf b/wrappers/zabbix/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/zabbix/outputs.tf 
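Review bot: In `wrappers/zabbix/main.tf` a mistyped key in `var.items` or `var.defaults` is never rejected, because every argument is read as `try(each.value.X, var.defaults.X, <literal>)` and both variables are declared `type = any`. For the egress arguments the literal fallback is the widest value (`egress_cidr_blocks` falls back to `["0.0.0.0/0"]`, `egress_ipv6_cidr_blocks` to `["::/0"]`, `auto_egress_rules` to `["all-all"]`), so an item that meant to narrow egress but misspells the key would, as far as this hunk shows, still plan cleanly with unrestricted egress. I would state that above the module block, e.g. `# Keys not listed below are ignored; unset egress_* arguments fall back to all-all towards 0.0.0.0/0 and ::/0.`, and consider a `validation` block on `items` in `variables.tf` that rejects unknown keys. The same pattern is in the `wrappers/zipkin/main.tf` hunk, and in the tail of `wrappers/winrm/main.tf`, whose start is outside this view.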
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/zabbix/variables.tf b/wrappers/zabbix/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/zabbix/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/zabbix/versions.tf b/wrappers/zabbix/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/zabbix/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/zipkin/README.md b/wrappers/zipkin/README.md
new file mode 100644
index 00000000..5928acc4
--- /dev/null
+++ b/wrappers/zipkin/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/zipkin` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/zipkin" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/zipkin?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/security-group/aws//wrappers/zipkin" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/zipkin/main.tf b/wrappers/zipkin/main.tf new file mode 100644 index 00000000..48e2a098 --- /dev/null +++ b/wrappers/zipkin/main.tf 
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/zipkin" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, 
var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + 
computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + 
ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, 
var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} 
diff --git a/wrappers/zipkin/outputs.tf b/wrappers/zipkin/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/zipkin/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/zipkin/variables.tf b/wrappers/zipkin/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/zipkin/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/zipkin/versions.tf b/wrappers/zipkin/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/zipkin/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
diff --git a/wrappers/zookeeper/README.md b/wrappers/zookeeper/README.md
new file mode 100644
index 00000000..dea3cdb9
--- /dev/null
+++ b/wrappers/zookeeper/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/zookeeper`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/security-group/aws//wrappers/zookeeper"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-security-group.git//wrappers/zookeeper?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/security-group/aws//wrappers/zookeeper"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/zookeeper/main.tf b/wrappers/zookeeper/main.tf
new file mode 100644
index 00000000..e391c5df
--- /dev/null
+++ b/wrappers/zookeeper/main.tf
@@ -0,0 +1,79 @@ +module "wrapper" { + source = "../../modules/zookeeper" + + for_each = var.items + + auto_computed_egress_rules = try(each.value.auto_computed_egress_rules, var.defaults.auto_computed_egress_rules, []) + auto_computed_egress_with_self = try(each.value.auto_computed_egress_with_self, var.defaults.auto_computed_egress_with_self, []) + auto_computed_ingress_rules = try(each.value.auto_computed_ingress_rules, var.defaults.auto_computed_ingress_rules, []) + auto_computed_ingress_with_self = try(each.value.auto_computed_ingress_with_self, var.defaults.auto_computed_ingress_with_self, []) + auto_egress_rules = try(each.value.auto_egress_rules, var.defaults.auto_egress_rules, ["all-all"]) + auto_egress_with_self = try(each.value.auto_egress_with_self, var.defaults.auto_egress_with_self, []) + auto_ingress_rules = try(each.value.auto_ingress_rules, var.defaults.auto_ingress_rules, ["zookeeper-2181-tcp", "zookeeper-2182-tls-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"]) + auto_ingress_with_self = try(each.value.auto_ingress_with_self, var.defaults.auto_ingress_with_self, [{ "rule" = "all-all" }]) + auto_number_of_computed_egress_rules = try(each.value.auto_number_of_computed_egress_rules, var.defaults.auto_number_of_computed_egress_rules, 0) + auto_number_of_computed_egress_with_self = try(each.value.auto_number_of_computed_egress_with_self, var.defaults.auto_number_of_computed_egress_with_self, 0) + auto_number_of_computed_ingress_rules = try(each.value.auto_number_of_computed_ingress_rules, var.defaults.auto_number_of_computed_ingress_rules, 0) + auto_number_of_computed_ingress_with_self = try(each.value.auto_number_of_computed_ingress_with_self, var.defaults.auto_number_of_computed_ingress_with_self, 0) + computed_egress_cidr_blocks = try(each.value.computed_egress_cidr_blocks, var.defaults.computed_egress_cidr_blocks, ["0.0.0.0/0"]) + computed_egress_ipv6_cidr_blocks = try(each.value.computed_egress_ipv6_cidr_blocks, 
var.defaults.computed_egress_ipv6_cidr_blocks, ["::/0"]) + computed_egress_prefix_list_ids = try(each.value.computed_egress_prefix_list_ids, var.defaults.computed_egress_prefix_list_ids, []) + computed_egress_rules = try(each.value.computed_egress_rules, var.defaults.computed_egress_rules, []) + computed_egress_with_cidr_blocks = try(each.value.computed_egress_with_cidr_blocks, var.defaults.computed_egress_with_cidr_blocks, []) + computed_egress_with_ipv6_cidr_blocks = try(each.value.computed_egress_with_ipv6_cidr_blocks, var.defaults.computed_egress_with_ipv6_cidr_blocks, []) + computed_egress_with_prefix_list_ids = try(each.value.computed_egress_with_prefix_list_ids, var.defaults.computed_egress_with_prefix_list_ids, []) + computed_egress_with_self = try(each.value.computed_egress_with_self, var.defaults.computed_egress_with_self, []) + computed_egress_with_source_security_group_id = try(each.value.computed_egress_with_source_security_group_id, var.defaults.computed_egress_with_source_security_group_id, []) + computed_ingress_cidr_blocks = try(each.value.computed_ingress_cidr_blocks, var.defaults.computed_ingress_cidr_blocks, []) + computed_ingress_ipv6_cidr_blocks = try(each.value.computed_ingress_ipv6_cidr_blocks, var.defaults.computed_ingress_ipv6_cidr_blocks, []) + computed_ingress_prefix_list_ids = try(each.value.computed_ingress_prefix_list_ids, var.defaults.computed_ingress_prefix_list_ids, []) + computed_ingress_rules = try(each.value.computed_ingress_rules, var.defaults.computed_ingress_rules, []) + computed_ingress_with_cidr_blocks = try(each.value.computed_ingress_with_cidr_blocks, var.defaults.computed_ingress_with_cidr_blocks, []) + computed_ingress_with_ipv6_cidr_blocks = try(each.value.computed_ingress_with_ipv6_cidr_blocks, var.defaults.computed_ingress_with_ipv6_cidr_blocks, []) + computed_ingress_with_prefix_list_ids = try(each.value.computed_ingress_with_prefix_list_ids, var.defaults.computed_ingress_with_prefix_list_ids, []) + 
computed_ingress_with_self = try(each.value.computed_ingress_with_self, var.defaults.computed_ingress_with_self, []) + computed_ingress_with_source_security_group_id = try(each.value.computed_ingress_with_source_security_group_id, var.defaults.computed_ingress_with_source_security_group_id, []) + create = try(each.value.create, var.defaults.create, true) + description = try(each.value.description, var.defaults.description, "Security Group managed by Terraform") + egress_cidr_blocks = try(each.value.egress_cidr_blocks, var.defaults.egress_cidr_blocks, ["0.0.0.0/0"]) + egress_ipv6_cidr_blocks = try(each.value.egress_ipv6_cidr_blocks, var.defaults.egress_ipv6_cidr_blocks, ["::/0"]) + egress_prefix_list_ids = try(each.value.egress_prefix_list_ids, var.defaults.egress_prefix_list_ids, []) + egress_rules = try(each.value.egress_rules, var.defaults.egress_rules, []) + egress_with_cidr_blocks = try(each.value.egress_with_cidr_blocks, var.defaults.egress_with_cidr_blocks, []) + egress_with_ipv6_cidr_blocks = try(each.value.egress_with_ipv6_cidr_blocks, var.defaults.egress_with_ipv6_cidr_blocks, []) + egress_with_prefix_list_ids = try(each.value.egress_with_prefix_list_ids, var.defaults.egress_with_prefix_list_ids, []) + egress_with_self = try(each.value.egress_with_self, var.defaults.egress_with_self, []) + egress_with_source_security_group_id = try(each.value.egress_with_source_security_group_id, var.defaults.egress_with_source_security_group_id, []) + ingress_cidr_blocks = try(each.value.ingress_cidr_blocks, var.defaults.ingress_cidr_blocks, []) + ingress_ipv6_cidr_blocks = try(each.value.ingress_ipv6_cidr_blocks, var.defaults.ingress_ipv6_cidr_blocks, []) + ingress_prefix_list_ids = try(each.value.ingress_prefix_list_ids, var.defaults.ingress_prefix_list_ids, []) + ingress_rules = try(each.value.ingress_rules, var.defaults.ingress_rules, []) + ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, var.defaults.ingress_with_cidr_blocks, []) + 
ingress_with_ipv6_cidr_blocks = try(each.value.ingress_with_ipv6_cidr_blocks, var.defaults.ingress_with_ipv6_cidr_blocks, []) + ingress_with_prefix_list_ids = try(each.value.ingress_with_prefix_list_ids, var.defaults.ingress_with_prefix_list_ids, []) + ingress_with_self = try(each.value.ingress_with_self, var.defaults.ingress_with_self, []) + ingress_with_source_security_group_id = try(each.value.ingress_with_source_security_group_id, var.defaults.ingress_with_source_security_group_id, []) + name = try(each.value.name, var.defaults.name) + number_of_computed_egress_cidr_blocks = try(each.value.number_of_computed_egress_cidr_blocks, var.defaults.number_of_computed_egress_cidr_blocks, 0) + number_of_computed_egress_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_ipv6_cidr_blocks, 0) + number_of_computed_egress_prefix_list_ids = try(each.value.number_of_computed_egress_prefix_list_ids, var.defaults.number_of_computed_egress_prefix_list_ids, 0) + number_of_computed_egress_rules = try(each.value.number_of_computed_egress_rules, var.defaults.number_of_computed_egress_rules, 0) + number_of_computed_egress_with_cidr_blocks = try(each.value.number_of_computed_egress_with_cidr_blocks, var.defaults.number_of_computed_egress_with_cidr_blocks, 0) + number_of_computed_egress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_egress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_egress_with_ipv6_cidr_blocks, 0) + number_of_computed_egress_with_prefix_list_ids = try(each.value.number_of_computed_egress_with_prefix_list_ids, var.defaults.number_of_computed_egress_with_prefix_list_ids, 0) + number_of_computed_egress_with_self = try(each.value.number_of_computed_egress_with_self, var.defaults.number_of_computed_egress_with_self, 0) + number_of_computed_egress_with_source_security_group_id = try(each.value.number_of_computed_egress_with_source_security_group_id, 
var.defaults.number_of_computed_egress_with_source_security_group_id, 0) + number_of_computed_ingress_cidr_blocks = try(each.value.number_of_computed_ingress_cidr_blocks, var.defaults.number_of_computed_ingress_cidr_blocks, 0) + number_of_computed_ingress_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_ipv6_cidr_blocks, 0) + number_of_computed_ingress_prefix_list_ids = try(each.value.number_of_computed_ingress_prefix_list_ids, var.defaults.number_of_computed_ingress_prefix_list_ids, 0) + number_of_computed_ingress_rules = try(each.value.number_of_computed_ingress_rules, var.defaults.number_of_computed_ingress_rules, 0) + number_of_computed_ingress_with_cidr_blocks = try(each.value.number_of_computed_ingress_with_cidr_blocks, var.defaults.number_of_computed_ingress_with_cidr_blocks, 0) + number_of_computed_ingress_with_ipv6_cidr_blocks = try(each.value.number_of_computed_ingress_with_ipv6_cidr_blocks, var.defaults.number_of_computed_ingress_with_ipv6_cidr_blocks, 0) + number_of_computed_ingress_with_prefix_list_ids = try(each.value.number_of_computed_ingress_with_prefix_list_ids, var.defaults.number_of_computed_ingress_with_prefix_list_ids, 0) + number_of_computed_ingress_with_self = try(each.value.number_of_computed_ingress_with_self, var.defaults.number_of_computed_ingress_with_self, 0) + number_of_computed_ingress_with_source_security_group_id = try(each.value.number_of_computed_ingress_with_source_security_group_id, var.defaults.number_of_computed_ingress_with_source_security_group_id, 0) + revoke_rules_on_delete = try(each.value.revoke_rules_on_delete, var.defaults.revoke_rules_on_delete, false) + tags = try(each.value.tags, var.defaults.tags, {}) + use_name_prefix = try(each.value.use_name_prefix, var.defaults.use_name_prefix, true) + vpc_id = try(each.value.vpc_id, var.defaults.vpc_id) +} 
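Review bot: A misspelled or unsupported key in an item is silently dropped, because every argument of `module "wrapper"` is read as `try(each.value.X, var.defaults.X, <literal>)` and both `items` and `defaults` are declared `type = any` in this wrapper's variables.tf. For a security group that fallback is permissive on the egress side: an item that mistypes `egress_cidr_blocks` or `auto_egress_rules` still gets `["0.0.0.0/0"]` and `["all-all"]`, and the plan raises no error. I would add a comment above `for_each = var.items`, for example `# Keys not listed below are ignored; a missing or misspelled key falls back to the literal default on its line.`, and repeat the caveat in the wrapper README. If these wrapper files are generated (they look templated, and the zipkin wrapper earlier in the patch has the same shape), the comment belongs in the generator template instead of this file.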
diff --git a/wrappers/zookeeper/outputs.tf b/wrappers/zookeeper/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/zookeeper/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/zookeeper/variables.tf b/wrappers/zookeeper/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/zookeeper/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/zookeeper/versions.tf b/wrappers/zookeeper/versions.tf
new file mode 100644
index 00000000..c4f23b0b
--- /dev/null
+++ b/wrappers/zookeeper/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.29"
+ }
+ }
+}
From badbab67cd0d7f976523fd44647e1ee9fb87001b Mon Sep 17 00:00:00 2001
From: semantic-release-bot Date: Wed, 8 Jan 2025 00:42:15 +0000 Subject: [PATCH 5/5] chore(release): version 5.3.0 [skip ci] ## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v5.2.0...v5.3.0) (2025-01-08) ### Features * Added wrappers for all submodules ([#333](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/333)) ([8500adb](https://github.com/terraform-aws-modules/terraform-aws-security-group/commit/8500adbc068bb1c1c244435abc9e7e6dbeddf21d)) ### Bug Fixes * Update CI workflow versions to latest ([#329](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/329)) ([43798ea](https://github.com/terraform-aws-modules/terraform-aws-security-group/commit/43798eab255616bd23ef4140f50252d585c9c51b)) --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d4071ad..1aa9cebe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v5.2.0...v5.3.0) (2025-01-08) + + +### Features + +* Added wrappers for all submodules ([#333](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/333)) ([8500adb](https://github.com/terraform-aws-modules/terraform-aws-security-group/commit/8500adbc068bb1c1c244435abc9e7e6dbeddf21d)) + + +### Bug Fixes + +* Update CI workflow versions to latest ([#329](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/329)) ([43798ea](https://github.com/terraform-aws-modules/terraform-aws-security-group/commit/43798eab255616bd23ef4140f50252d585c9c51b)) + ## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v5.1.2...v5.2.0) (2024-08-31)