Merge pull request #2 from tedivm/optional_security_groups

tedivm · web-flow · commit 0943066aaa10 · 2022-08-15T11:09:42.000-05:00
Ability to specify additional security groups
diff --git a/README.md b/README.md
@@ -17,9 +17,10 @@ module "vpn" {
   source  = "tedivm/dev-vpn/aws"
   version = "~> 1.0"
 
-  identifier = "${local.identifier}-vpn"
-  subnet_ids = module.vpc.subnets.public[*].id
-  tags       = local.common_tags
+  identifier         = "${local.identifier}-vpn"
+  subnet_ids         = module.vpc.subnets.public[*].id
+  security_group_ids = [aws_security_group.optional.id]
+  tags               = local.common_tags
 }
 
 resource "local_file" "client_config" {
diff --git a/network.tf b/network.tf
@@ -4,7 +4,7 @@ resource "aws_ec2_client_vpn_network_association" "vpn_subnets" {
 
   client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
   subnet_id              = var.subnet_ids[count.index]
-  security_groups        = [aws_security_group.vpn_access.id]
+  security_groups        = concat([aws_security_group.vpn_access.id], var.security_group_ids)
 
   lifecycle {
     # This is a bug workaround- https://github.com/hashicorp/terraform-provider-aws/issues/14717
diff --git a/variables.tf b/variables.tf
@@ -9,6 +9,11 @@ variable "subnet_ids" {
   type        = list(string)
 }
 
+variable "security_group_ids" {
+  description = "Additional Security Groups to add to the VPN endpoint."
+  default     = []
+}
+
 variable "tags" {
   default = {}
 }

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,11 @@ variable "subnet_ids" {`
`9`	`9`	`type = list(string)`
`10`	`10`	`}`
`11`	`11`
	`12`	`+variable "security_group_ids" {`
	`13`	`+ description = "Additional Security Groups to add to the VPN endpoint."`
	`14`	`+ default = []`
	`15`	`+}`
	`16`	`+`
`12`	`17`	`variable "tags" {`
`13`	`18`	`default = {}`
`14`	`19`	`}`