Auto Format

README.md

@@ -237,6 +237,7 @@ Available targets:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
+| <a name="input_allow_all_egress"></a> [allow\_all\_egress](#input\_allow\_all\_egress) | A convenience that adds to the rules in `var.rules` a rule that allows all egress.<br>If this is false and `var.rules` does not specify any egress rules, then<br>no egress will be allowed. | `bool` | `false` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {}<br>}</pre> | no |
 | <a name="input_create_before_destroy"></a> [create\_before\_destroy](#input\_create\_before\_destroy) | Set `true` to enable terraform `create_before_destroy` behavior.<br>Note that changing this value will change the security group name. | `bool` | `false` | no |
@@ -252,9 +253,8 @@ Available targets:
 | <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Default value: `lower`. | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
-| <a name="input_open_egress_enabled"></a> [open\_egress\_enabled](#input\_open\_egress\_enabled) | A convenience. Add to the rules in `var.rules` a rule that allows all egress.<br>If this is false and `var.rules` does not specify any egress rules, then<br>no egress will be allowed. | `bool` | `false` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
-| <a name="input_rule_matrix"></a> [rule\_matrix](#input\_rule\_matrix) | A convenience. Apply the same list of rules to all the provided security groups and CIDRs and self.<br>Type is object as specified in the default, but keys are optional except for `rules`.<br>The `rules` list is a list of maps that are fully compatible with the `aws_security_group_rule` resource,<br>but any keys already at the top level will be ignored.  Rules keys listed in the default are required, except for `description`.<br>All elements of the list must have the same set of keys and each key must have a consistent value type.<br>Example:<br>{<br>  source\_security\_group\_ids = []<br>  cidr\_blocks= []<br>  ipv6\_cidr\_blocks= []<br>  prefix\_list\_ids = []<br>  self = true<br>  rules = [{<br>    type = "egress"<br>    from\_port = 0<br>    to\_port = 65535<br>    protocol = "all"<br>    description = "Allow full egress"<br>}] | `any` | <pre>{<br>  "rules": []<br>}</pre> | no |
+| <a name="input_rule_matrix"></a> [rule\_matrix](#input\_rule\_matrix) | A convenient way to apply the same set of rules to a set of subjects. See README for details. | `any` | <pre>{<br>  "rules": []<br>}</pre> | no |
 | <a name="input_rules"></a> [rules](#input\_rules) | A list of maps of Security Group rules.<br>The keys and values of the maps are fully compatible with the `aws_security_group_rule` resource, except<br>for `security_group_id` which will be ignored.<br>To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` | `[]` | no |
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name to assign to the security group. Must be unique within the account.<br>If not provided, will be derived from the `null-label.context` passed in.<br>If `create_before_destroy` is true, will be used as a name prefix. | `string` | `""` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |

docs/terraform.md

@@ -35,6 +35,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
+| <a name="input_allow_all_egress"></a> [allow\_all\_egress](#input\_allow\_all\_egress) | A convenience that adds to the rules in `var.rules` a rule that allows all egress.<br>If this is false and `var.rules` does not specify any egress rules, then<br>no egress will be allowed. | `bool` | `false` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {}<br>}</pre> | no |
 | <a name="input_create_before_destroy"></a> [create\_before\_destroy](#input\_create\_before\_destroy) | Set `true` to enable terraform `create_before_destroy` behavior.<br>Note that changing this value will change the security group name. | `bool` | `false` | no |
@@ -50,9 +51,8 @@
 | <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Default value: `lower`. | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
-| <a name="input_open_egress_enabled"></a> [open\_egress\_enabled](#input\_open\_egress\_enabled) | A convenience. Add to the rules in `var.rules` a rule that allows all egress.<br>If this is false and `var.rules` does not specify any egress rules, then<br>no egress will be allowed. | `bool` | `false` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
-| <a name="input_rule_matrix"></a> [rule\_matrix](#input\_rule\_matrix) | A convenience. Apply the same list of rules to all the provided security groups and CIDRs and self.<br>Type is object as specified in the default, but keys are optional except for `rules`.<br>The `rules` list is a list of maps that are fully compatible with the `aws_security_group_rule` resource,<br>but any keys already at the top level will be ignored.  Rules keys listed in the default are required, except for `description`.<br>All elements of the list must have the same set of keys and each key must have a consistent value type.<br>Example:<br>{<br>  source\_security\_group\_ids = []<br>  cidr\_blocks= []<br>  ipv6\_cidr\_blocks= []<br>  prefix\_list\_ids = []<br>  self = true<br>  rules = [{<br>    type = "egress"<br>    from\_port = 0<br>    to\_port = 65535<br>    protocol = "all"<br>    description = "Allow full egress"<br>}] | `any` | <pre>{<br>  "rules": []<br>}</pre> | no |
+| <a name="input_rule_matrix"></a> [rule\_matrix](#input\_rule\_matrix) | A convenient way to apply the same set of rules to a set of subjects. See README for details. | `any` | <pre>{<br>  "rules": []<br>}</pre> | no |
 | <a name="input_rules"></a> [rules](#input\_rules) | A list of maps of Security Group rules.<br>The keys and values of the maps are fully compatible with the `aws_security_group_rule` resource, except<br>for `security_group_id` which will be ignored.<br>To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` | `[]` | no |
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name to assign to the security group. Must be unique within the account.<br>If not provided, will be derived from the `null-label.context` passed in.<br>If `create_before_destroy` is true, will be used as a name prefix. | `string` | `""` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |

examples/complete/main.tf

@@ -16,7 +16,7 @@ module "vpc" {
 module "new_security_group" {
   source = "../.."
 
-  vpc_id              = module.vpc.vpc_id
+  vpc_id           = module.vpc.vpc_id
   allow_all_egress = true
   rule_matrix = {
     # Allow ingress on ports 22 and 80 from created security grup, existing security group, and CIDR "10.0.0.0/8"

variables.tf

@@ -66,25 +66,25 @@ variable "allow_all_egress" {
 }
 
 variable "rule_matrix" {
-    # rule_matrix is independent of the `rules` input.
-    # Only the rules specified in the `rule_matrix` object are applied to the subjects.
-    #  Schema:
-    #  {
-    #    # these top level lists define all the subjects to which rule_matrix rules will be applied
-    #    source_security_group_ids = list of source security group IDs to apply all rules to
-    #    cidr_blocks = list of ipv4 CIDR blocks to apply all rules to
-    #    ipv6_cidr_blocks= list of ipv6 CIDR blocks to apply all rules to
-    #    prefix_list_ids = list of prefix list IDs to apply all rules to
-    #    self = # set "true" to apply the rules to the created or existing security group
-    #
-    #    # each rule in the rules list will be applied to every subject defined above
-    #    rules = [{
-    #      type = "egress"
-    #      from_port = 0
-    #      to_port = 65535
-    #      protocol = "all"
-    #      description = "Allow full egress"
-    #    }]
+  # rule_matrix is independent of the `rules` input.
+  # Only the rules specified in the `rule_matrix` object are applied to the subjects.
+  #  Schema:
+  #  {
+  #    # these top level lists define all the subjects to which rule_matrix rules will be applied
+  #    source_security_group_ids = list of source security group IDs to apply all rules to
+  #    cidr_blocks = list of ipv4 CIDR blocks to apply all rules to
+  #    ipv6_cidr_blocks= list of ipv6 CIDR blocks to apply all rules to
+  #    prefix_list_ids = list of prefix list IDs to apply all rules to
+  #    self = # set "true" to apply the rules to the created or existing security group
+  #
+  #    # each rule in the rules list will be applied to every subject defined above
+  #    rules = [{
+  #      type = "egress"
+  #      from_port = 0
+  #      to_port = 65535
+  #      protocol = "all"
+  #      description = "Allow full egress"
+  #    }]
 
   type        = any
   default     = { rules = [] }