Modified code

nitinda · Dec 16, 2019 · 8a32db0 · 8a32db0
1 parent 9ad805f
commit 8a32db0
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 24 deletions.
diff --git a/security-groups.tf b/security-groups.tf
@@ -3,11 +3,39 @@ resource "aws_security_group" "security_group" {
   description            = var.description
   vpc_id                 = var.vpc_id
   revoke_rules_on_delete = var.revoke_rules_on_delete 
-  ingress                = var.ingress_rules
-  egress                 = var.egress_rules
   tags                   = var.common_tags
 
   lifecycle {
     create_before_destroy = true
   }
+
+  dynamic "ingress" {
+      for_each = length(var.ingress_rules) == 0 ? [] : var.ingress_rules
+      content {
+          from_port        = lookup(ingress.value, "from_port", null)
+          to_port          = lookup(ingress.value, "to_port", null)
+          protocol         = lookup(ingress.value, "protocol", null)
+          cidr_blocks      = lookup(ingress.value, "cidr_blocks", [])
+          description      = lookup(ingress.value, "description", null)
+          self             = lookup(ingress.value, "self", false)
+          security_groups  = lookup(ingress.value, "security_groups", [])
+          ipv6_cidr_blocks = lookup(ingress.value, "ipv6_cidr_blocks", [])
+          prefix_list_ids  = lookup(ingress.value, "prefix_list_ids", [])
+      }
+  }
+
+  dynamic "egress" {
+      for_each = length(var.egress_rules) == 0 ? [] : var.egress_rules
+      content {
+          from_port        = lookup(egress.value, "from_port", null)
+          to_port          = lookup(egress.value, "to_port", null)
+          protocol         = lookup(egress.value, "protocol", null)
+          cidr_blocks      = lookup(egress.value, "cidr_blocks", [])
+          description      = lookup(egress.value, "description", null)
+          self             = lookup(egress.value, "self", false)
+          security_groups  = lookup(egress.value, "security_groups", [])
+          ipv6_cidr_blocks = lookup(egress.value, "ipv6_cidr_blocks", [])
+          prefix_list_ids  = lookup(egress.value, "prefix_list_ids", [])
+      }
+  }
 }
diff --git a/variables.tf b/variables.tf
@@ -21,30 +21,10 @@ variable "common_tags" {
 
 variable "ingress_rules" {
     description = "Ingress rules for security group"
-    type        = list(object({
-        from_port        = string
-        to_port          = number
-        protocol         = string
-        cidr_blocks      = list(string)
-        description      = string
-        self             = bool
-        security_groups  = list(string)
-        ipv6_cidr_blocks = list(string)
-        prefix_list_ids  = list(string)
-  }))
+    type        = any
 }
 
 variable "egress_rules" {
     description = "Egress rules for security group"
-    type        = list(object({
-        from_port        = string
-        to_port          = number
-        protocol         = string
-        cidr_blocks      = list(string)
-        description      = string
-        self             = bool
-        security_groups  = list(string)
-        ipv6_cidr_blocks = list(string)
-        prefix_list_ids  = list(string)
-  }))
+    type        = any
 }