Add setting security group ingress by cidr. Add name output

Author: Steven Nemetz

main.tf

@@ -61,6 +61,16 @@ resource "aws_security_group_rule" "ingress" {
   security_group_id        = "${aws_security_group.default.id}"
 }
 
+resource "aws_security_group_rule" "ingress_cidr" {
+  count             = "${module.enabled.value && length(compact(var.ingress_cidr)) > 0 ? 1 : 0}"
+  type              = "ingress"
+  from_port         = "2049"
+  to_port           = "2049"
+  protocol          = "tcp"
+  cidr_blocks       = ["${var.ingress_cidr}"]
+  security_group_id = "${aws_security_group.default.id}"
+}
+
 resource "aws_security_group_rule" "egress" {
   count             = "${module.enabled.value}"
   type              = "egress"

outputs.tf

@@ -1,6 +1,6 @@
 // EFS File System outputs
 output "dns_name" {
-  description = ""
+  description = "FQDN of the EFS volume"
   value       = "${element(concat(aws_efs_file_system.default.*.dns_name, list("")),0)}"
 }
 
@@ -14,6 +14,11 @@ output "kms_key_id" {
   value       = "${element(concat(aws_efs_file_system.default.*.kms_key_id, list("")),0)}"
 }
 
+output "name" {
+  description = "Service name that was passed in. This is to make creating mount points easier"
+  value       = "${module.label.name}"
+}
+
 // EFS Mount Target outputs
 /*
 # Same as EFS mount_target_dns_names

test/main.tf

@@ -9,6 +9,7 @@ module "efs" {
   zone_id = "ZURF67XJUWC5A" # one
 
   security_groups = []
+  ingress_cidr    = ["10.0.0.0/8"]
   subnets         = ["subnet-857efce3", "subnet-0852f140", "subnet-6395c038"]
   vpc_id          = "vpc-417c0027"                                            # one
 

variables.tf

@@ -68,6 +68,12 @@ variable "encrypted" {
   default     = "false"
 }
 
+variable "ingress_cidr" {
+  description = "List of CIDR to allow access to EFS"
+  type        = "list"
+  default     = []
+}
+
 variable "kms_key_id" {
   description = "ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true"
   type        = "string"