-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfile
78 lines (69 loc) · 2.48 KB
/
file
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
variable "use_security_groups" {
description = "Use security groups for dynamic ingress and egress rules"
type = bool
default = false
}
variable "ingress_security_groups" {
description = "List of security group IDs for dynamic ingress rules"
type = list(object({
from_port = number
to_port = number
protocol = string
security_group_ids = list(string)
}))
}
variable "egress_security_groups" {
description = "List of security group IDs for dynamic egress rules"
type = list(object({
from_port = number
to_port = number
protocol = string
security_group_ids = list(string)
}))
}
variable "ingress_cidr_blocks" {
description = "List of dynamic ingress rules using CIDR blocks"
type = list(object({
from_port = number
to_port = number
protocol = string
cidr_blocks = list(string)
}))
}
variable "egress_cidr_blocks" {
description = "List of dynamic egress rules using CIDR blocks"
type = list(object({
from_port = number
to_port = number
protocol = string
cidr_blocks = list(string)
}))
}
resource "aws_security_group" "example" {
name_prefix = "example-"
description = "Example Security Group"
dynamic "ingress" {
for_each = var.use_security_groups ? var.ingress_security_groups : var.ingress_cidr_blocks
content {
from_port = ingress.value.from_port
to_port = ingress.value.to_port
protocol = ingress.value.protocol
# Conditional block based on whether to use security groups or CIDR blocks
# Use security groups if var.use_security_groups is true, otherwise use CIDR blocks
security_groups = var.use_security_groups ? [ingress.value.security_group_ids] : []
cidr_blocks = var.use_security_groups ? [] : ingress.value.cidr_blocks
}
}
dynamic "egress" {
for_each = var.use_security_groups ? var.egress_security_groups : var.egress_cidr_blocks
content {
from_port = egress.value.from_port
to_port = egress.value.to_port
protocol = egress.value.protocol
# Conditional block based on whether to use security groups or CIDR blocks
# Use security groups if var.use_security_groups is true, otherwise use CIDR blocks
security_groups = var.use_security_groups ? [egress.value.security_group_ids] : []
cidr_blocks = var.use_security_groups ? [] : egress.value.cidr_blocks
}
}
}