Merge pull request Coalfire-CF#20 from Coalfire-CF/remove_volume_tags

Remove_volume_tags

Author: az-kennedy

README.md

@@ -171,7 +171,7 @@ module "ad2" {
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | github.com/Coalfire-CF/terraform-aws-securitygroup | v1.0.0 |
+| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | github.com/Coalfire-CF/terraform-aws-securitygroup | b6e9070a3f6201d75160c42a3f649d36cb9b2622 |
 
 ## Resources
 
@@ -204,17 +204,17 @@ module "ad2" {
 | <a name="input_associate_public_ip"></a> [associate\_public\_ip](#input\_associate\_public\_ip) | Whether or not to associate a public IP (not EIP) | `bool` | `false` | no |
 | <a name="input_assume_role_policy"></a> [assume\_role\_policy](#input\_assume\_role\_policy) | Policy document allowing Principals to assume this role (e.g. Trust Relationship) | `string` | `"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n   {\n     \"Action\": \"sts:AssumeRole\",\n     \"Principal\": {\n       \"Service\": \"ec2.amazonaws.com\"\n     },\n     \"Effect\": \"Allow\",\n     \"Sid\": \"\"\n   }\n ]\n}\n"` | no |
 | <a name="input_ebs_kms_key_arn"></a> [ebs\_kms\_key\_arn](#input\_ebs\_kms\_key\_arn) | The ARN of the KMS key to encrypt EBS volumes | `string` | n/a | yes |
-| <a name="input_ebs_optimized"></a> [ebs\_optimized](#input\_ebs\_optimized) | Whether or not the instance is ebs optimized | `bool` | `false` | no |
+| <a name="input_ebs_optimized"></a> [ebs\_optimized](#input\_ebs\_optimized) | Whether or not the instance is ebs optimized | `bool` | `true` | no |
 | <a name="input_ebs_volumes"></a> [ebs\_volumes](#input\_ebs\_volumes) | A list of maps that must contain device\_name (ex. '/dev/sdb') and size (in GB). Optional args include type, throughput, iops, multi\_attach\_enabled, final\_snapshot, snapshot\_id, outpost\_arn, force\_detach, skip\_destroy, stop\_instance\_before\_detaching, and tags | <pre>list(object({<br>    device_name                    = string<br>    size                           = number<br>    type                           = string<br>    throughput                     = optional(number)<br>    iops                           = optional(number)<br>    multi_attach_enabled           = optional(bool, false)<br>    final_snapshot                 = optional(string)<br>    snapshot_id                    = optional(string)<br>    outpost_arn                    = optional(string)<br>    force_detach                   = optional(bool, false)<br>    skip_destroy                   = optional(bool, false)<br>    stop_instance_before_detaching = optional(bool, false)<br>    tags                           = optional(map(string), {})<br>  }))</pre> | `[]` | no |
 | <a name="input_ec2_instance_type"></a> [ec2\_instance\_type](#input\_ec2\_instance\_type) | The type of instance to start | `string` | n/a | yes |
 | <a name="input_ec2_key_pair"></a> [ec2\_key\_pair](#input\_ec2\_key\_pair) | The key name to use for the instance | `string` | n/a | yes |
-| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | The list of rules for egress traffic. Required fields for each rule are 'protocol', 'from\_port', 'to\_port', and at least one of 'cidr\_blocks', 'ipv6\_cidr\_blocks', 'security\_groups', 'self', or 'prefix\_list\_sg'. Optional fields are 'description' and those not used from the previous list | <pre>list(object({<br>    protocol         = string<br>    from_port        = string<br>    to_port          = string<br>    cidr_blocks      = optional(list(string), [])<br>    ipv6_cidr_blocks = optional(list(string), [])<br>    prefix_list_ids  = optional(list(string), [])<br>    security_groups  = optional(list(string), [])<br>    self             = optional(bool)<br>    description      = optional(string, "Managed by Terraform")<br>  }))</pre> | `[]` | no |
+| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | The list of rules for egress traffic. Required fields for each rule are 'protocol', 'from\_port', 'to\_port', and at least one of 'cidr\_blocks', 'ipv6\_cidr\_blocks', 'security\_groups', 'self', or 'prefix\_list\_sg'. Optional fields are 'description' and those not used from the previous list | <pre>map(object({<br>    cidr_ipv4                    = optional(string, null)<br>    cidr_ipv6                    = optional(string, null)<br>    description                  = optional(string, "Managed by Terraform")<br>    from_port                    = optional(string, null)<br>    ip_protocol                  = optional(string, null)<br>    prefix_list_id               = optional(string, null)<br>    referenced_security_group_id = optional(string, null)<br>    to_port                      = optional(string, null)<br>  }))</pre> | `{}` | no |
 | <a name="input_get_password_data"></a> [get\_password\_data](#input\_get\_password\_data) | Whether or not to allow retrieval of the local admin password | `bool` | `false` | no |
 | <a name="input_global_tags"></a> [global\_tags](#input\_global\_tags) | a map of strings that contains global level tags | `map(string)` | n/a | yes |
 | <a name="input_http_tokens"></a> [http\_tokens](#input\_http\_tokens) | Whether or not the metadata service requires session tokens, required=IMDSv2, optional=IMDSv1 | `any` | `"required"` | no |
 | <a name="input_iam_policies"></a> [iam\_policies](#input\_iam\_policies) | A list of the iam policy ARNs to attach to the IAM role | `list(string)` | `[]` | no |
 | <a name="input_iam_profile"></a> [iam\_profile](#input\_iam\_profile) | A variable to attach an existing iam profile to the ec2 instance(s) created | `string` | `""` | no |
-| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | The list of rules for ingress traffic. Required fields for each rule are 'protocol', 'from\_port', 'to\_port', and at least one of 'cidr\_blocks', 'ipv6\_cidr\_blocks', 'security\_groups', 'self', or 'prefix\_list\_sg'. Optional fields are 'description' and those not used from the previous list | <pre>list(object({<br>    protocol         = string<br>    from_port        = string<br>    to_port          = string<br>    cidr_blocks      = optional(list(string), [])<br>    ipv6_cidr_blocks = optional(list(string), [])<br>    prefix_list_ids  = optional(list(string), [])<br>    security_groups  = optional(list(string), [])<br>    self             = optional(bool)<br>    description      = optional(string, "Managed by Terraform")<br>  }))</pre> | `[]` | no |
+| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | The list of rules for ingress traffic. Required fields for each rule are 'protocol', 'from\_port', 'to\_port', and at least one of 'cidr\_blocks', 'ipv6\_cidr\_blocks', 'security\_groups', 'self', or 'prefix\_list\_sg'. Optional fields are 'description' and those not used from the previous list | <pre>map(object({<br>    cidr_ipv4                    = optional(string, null)<br>    cidr_ipv6                    = optional(string, null)<br>    description                  = optional(string, "Managed by Terraform")<br>    from_port                    = optional(string, null)<br>    ip_protocol                  = optional(string, null)<br>    prefix_list_id               = optional(string, null)<br>    referenced_security_group_id = optional(string, null)<br>    to_port                      = optional(string, null)<br>  }))</pre> | `{}` | no |
 | <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | Number of instances to launch | `number` | `1` | no |
 | <a name="input_keys_to_grant"></a> [keys\_to\_grant](#input\_keys\_to\_grant) | A list of kms keys to grant permissions to for the role created. | `list(string)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the ec2 instance | `string` | n/a | yes |

ec2.tf

@@ -48,14 +48,6 @@ resource "aws_instance" "this" {
     var.global_tags
   )
 
-  volume_tags = merge(
-    {
-      Name = var.instance_count == 1 ? var.name : "${var.name}${count.index + 1}"
-    },
-    var.tags,
-    var.global_tags
-  )
-
   lifecycle {
     ignore_changes = [root_block_device, ebs_block_device, user_data, ami]
   }

sg.tf

@@ -1,12 +1,12 @@
 module "security_group" {
-  source = "github.com/Coalfire-CF/terraform-aws-securitygroup?ref=v1.0.0"
+  source = "github.com/Coalfire-CF/terraform-aws-securitygroup?ref=b6e9070a3f6201d75160c42a3f649d36cb9b2622"
 
   name        = "${var.name}-sg"
   description = var.sg_description
   vpc_id      = var.vpc_id
 
-  ingress_rules = length(var.ingress_rules) == 0 ? null : var.ingress_rules
-  egress_rules  = length(var.egress_rules) == 0 ? null : var.egress_rules
+  ingress_rules = length(var.ingress_rules) == 0 ? {} : var.ingress_rules
+  egress_rules  = length(var.egress_rules) == 0 ? {} : var.egress_rules
 
   network_interface_resource_associations = var.additional_eni_ids
 }

variables.tf

@@ -58,7 +58,7 @@ variable "ebs_volumes" {
 variable "ebs_optimized" {
   description = "Whether or not the instance is ebs optimized"
   type        = bool
-  default     = false
+  default     = true
 }
 
 variable "ebs_kms_key_arn" {
@@ -114,34 +114,32 @@ variable "sg_description" {
 
 variable "ingress_rules" {
   description = "The list of rules for ingress traffic. Required fields for each rule are 'protocol', 'from_port', 'to_port', and at least one of 'cidr_blocks', 'ipv6_cidr_blocks', 'security_groups', 'self', or 'prefix_list_sg'. Optional fields are 'description' and those not used from the previous list"
-  type = list(object({
-    protocol         = string
-    from_port        = string
-    to_port          = string
-    cidr_blocks      = optional(list(string), [])
-    ipv6_cidr_blocks = optional(list(string), [])
-    prefix_list_ids  = optional(list(string), [])
-    security_groups  = optional(list(string), [])
-    self             = optional(bool)
-    description      = optional(string, "Managed by Terraform")
+  type = map(object({
+    cidr_ipv4                    = optional(string, null)
+    cidr_ipv6                    = optional(string, null)
+    description                  = optional(string, "Managed by Terraform")
+    from_port                    = optional(string, null)
+    ip_protocol                  = optional(string, null)
+    prefix_list_id               = optional(string, null)
+    referenced_security_group_id = optional(string, null)
+    to_port                      = optional(string, null)
   }))
-  default = []
+  default = {}
 }
 
 variable "egress_rules" {
   description = "The list of rules for egress traffic. Required fields for each rule are 'protocol', 'from_port', 'to_port', and at least one of 'cidr_blocks', 'ipv6_cidr_blocks', 'security_groups', 'self', or 'prefix_list_sg'. Optional fields are 'description' and those not used from the previous list"
-  type = list(object({
-    protocol         = string
-    from_port        = string
-    to_port          = string
-    cidr_blocks      = optional(list(string), [])
-    ipv6_cidr_blocks = optional(list(string), [])
-    prefix_list_ids  = optional(list(string), [])
-    security_groups  = optional(list(string), [])
-    self             = optional(bool)
-    description      = optional(string, "Managed by Terraform")
+  type = map(object({
+    cidr_ipv4                    = optional(string, null)
+    cidr_ipv6                    = optional(string, null)
+    description                  = optional(string, "Managed by Terraform")
+    from_port                    = optional(string, null)
+    ip_protocol                  = optional(string, null)
+    prefix_list_id               = optional(string, null)
+    referenced_security_group_id = optional(string, null)
+    to_port                      = optional(string, null)
   }))
-  default = []
+  default = {}
 }
 
 variable "tags" {