Add timeouts configuration options

nmalarenko · nmalarenko · commit 88f51ed1c660 · 2021-10-14T13:30:31.000+07:00
Adding possibility to use timeouts option for aws_security_group resource https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group#timeouts
diff --git a/README.md b/README.md
@@ -246,6 +246,8 @@ No modules.
 | <a name="input_rules"></a> [rules](#input\_rules) | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` | <pre>{<br>  "_": [<br>    "",<br>    "",<br>    ""<br>  ],<br>  "activemq-5671-tcp": [<br>    5671,<br>    5671,<br>    "tcp",<br>    "ActiveMQ AMQP"<br>  ],<br>  "activemq-61614-tcp": [<br>    61614,<br>    61614,<br>    "tcp",<br>    "ActiveMQ STOMP"<br>  ],<br>  "activemq-61617-tcp": [<br>    61617,<br>    61617,<br>    "tcp",<br>    "ActiveMQ OpenWire"<br>  ],<br>  "activemq-61619-tcp": [<br>    61619,<br>    61619,<br>    "tcp",<br>    "ActiveMQ WebSocket"<br>  ],<br>  "activemq-8883-tcp": [<br>    8883,<br>    8883,<br>    "tcp",<br>    "ActiveMQ MQTT"<br>  ],<br>  "alertmanager-9093-tcp": [<br>    9093,<br>    9093,<br>    "tcp",<br>    "Alert Manager"<br>  ],<br>  "alertmanager-9094-tcp": [<br>    9094,<br>    9094,<br>    "tcp",<br>    "Alert Manager Cluster"<br>  ],<br>  "all-all": [<br>    -1,<br>    -1,<br>    "-1",<br>    "All protocols"<br>  ],<br>  "all-icmp": [<br>    -1,<br>    -1,<br>    "icmp",<br>    "All IPV4 ICMP"<br>  ],<br>  "all-ipv6-icmp": [<br>    -1,<br>    -1,<br>    58,<br>    "All IPV6 ICMP"<br>  ],<br>  "all-tcp": [<br>    0,<br>    65535,<br>    "tcp",<br>    "All TCP ports"<br>  ],<br>  "all-udp": [<br>    0,<br>    65535,<br>    "udp",<br>    "All UDP ports"<br>  ],<br>  "carbon-admin-tcp": [<br>    2004,<br>    2004,<br>    "tcp",<br>    "Carbon admin"<br>  ],<br>  "carbon-gui-udp": [<br>    8081,<br>    8081,<br>    "tcp",<br>    "Carbon GUI"<br>  ],<br>  "carbon-line-in-tcp": [<br>    2003,<br>    2003,<br>    "tcp",<br>    "Carbon line-in"<br>  ],<br>  "carbon-line-in-udp": [<br>    2003,<br>    2003,<br>    "udp",<br>    "Carbon line-in"<br>  ],<br>  "carbon-pickle-tcp": [<br>    2013,<br>    2013,<br>    "tcp",<br>    "Carbon pickle"<br>  ],<br>  "carbon-pickle-udp": [<br>    2013,<br>    2013,<br>    "udp",<br>    "Carbon pickle"<br>  ],<br>  "cassandra-clients-tcp": [<br>    9042,<br>    9042,<br>    "tcp",<br>    "Cassandra clients"<br>  ],<br>  "cassandra-jmx-tcp": [<br>    7199,<br>    7199,<br>    "tcp",<br>    "JMX"<br>  ],<br>  "cassandra-thrift-clients-tcp": [<br>    9160,<br>    9160,<br>    "tcp",<br>    "Cassandra Thrift clients"<br>  ],<br>  "consul-cli-rpc-tcp": [<br>    8400,<br>    8400,<br>    "tcp",<br>    "Consul CLI RPC"<br>  ],<br>  "consul-dns-tcp": [<br>    8600,<br>    8600,<br>    "tcp",<br>    "Consul DNS"<br>  ],<br>  "consul-dns-udp": [<br>    8600,<br>    8600,<br>    "udp",<br>    "Consul DNS"<br>  ],<br>  "consul-serf-lan-tcp": [<br>    8301,<br>    8301,<br>    "tcp",<br>    "Serf LAN"<br>  ],<br>  "consul-serf-lan-udp": [<br>    8301,<br>    8301,<br>    "udp",<br>    "Serf LAN"<br>  ],<br>  "consul-serf-wan-tcp": [<br>    8302,<br>    8302,<br>    "tcp",<br>    "Serf WAN"<br>  ],<br>  "consul-serf-wan-udp": [<br>    8302,<br>    8302,<br>    "udp",<br>    "Serf WAN"<br>  ],<br>  "consul-tcp": [<br>    8300,<br>    8300,<br>    "tcp",<br>    "Consul server"<br>  ],<br>  "consul-webui-tcp": [<br>    8500,<br>    8500,<br>    "tcp",<br>    "Consul web UI"<br>  ],<br>  "dns-tcp": [<br>    53,<br>    53,<br>    "tcp",<br>    "DNS"<br>  ],<br>  "dns-udp": [<br>    53,<br>    53,<br>    "udp",<br>    "DNS"<br>  ],<br>  "docker-swarm-mngmt-tcp": [<br>    2377,<br>    2377,<br>    "tcp",<br>    "Docker Swarm cluster management"<br>  ],<br>  "docker-swarm-node-tcp": [<br>    7946,<br>    7946,<br>    "tcp",<br>    "Docker Swarm node"<br>  ],<br>  "docker-swarm-node-udp": [<br>    7946,<br>    7946,<br>    "udp",<br>    "Docker Swarm node"<br>  ],<br>  "docker-swarm-overlay-udp": [<br>    4789,<br>    4789,<br>    "udp",<br>    "Docker Swarm Overlay Network Traffic"<br>  ],<br>  "elasticsearch-java-tcp": [<br>    9300,<br>    9300,<br>    "tcp",<br>    "Elasticsearch Java interface"<br>  ],<br>  "elasticsearch-rest-tcp": [<br>    9200,<br>    9200,<br>    "tcp",<br>    "Elasticsearch REST interface"<br>  ],<br>  "grafana-tcp": [<br>    3000,<br>    3000,<br>    "tcp",<br>    "Grafana Dashboard"<br>  ],<br>  "graphite-2003-tcp": [<br>    2003,<br>    2003,<br>    "tcp",<br>    "Carbon receiver plain text"<br>  ],<br>  "graphite-2004-tcp": [<br>    2004,<br>    2004,<br>    "tcp",<br>    "Carbon receiver pickle"<br>  ],<br>  "graphite-2023-tcp": [<br>    2023,<br>    2023,<br>    "tcp",<br>    "Carbon aggregator plaintext"<br>  ],<br>  "graphite-2024-tcp": [<br>    2024,<br>    2024,<br>    "tcp",<br>    "Carbon aggregator pickle"<br>  ],<br>  "graphite-8080-tcp": [<br>    8080,<br>    8080,<br>    "tcp",<br>    "Graphite gunicorn port"<br>  ],<br>  "graphite-8125-tcp": [<br>    8125,<br>    8125,<br>    "tcp",<br>    "Statsd TCP"<br>  ],<br>  "graphite-8125-udp": [<br>    8125,<br>    8125,<br>    "udp",<br>    "Statsd UDP default"<br>  ],<br>  "graphite-8126-tcp": [<br>    8126,<br>    8126,<br>    "tcp",<br>    "Statsd admin"<br>  ],<br>  "graphite-webui": [<br>    80,<br>    80,<br>    "tcp",<br>    "Graphite admin interface"<br>  ],<br>  "http-80-tcp": [<br>    80,<br>    80,<br>    "tcp",<br>    "HTTP"<br>  ],<br>  "http-8080-tcp": [<br>    8080,<br>    8080,<br>    "tcp",<br>    "HTTP"<br>  ],<br>  "https-443-tcp": [<br>    443,<br>    443,<br>    "tcp",<br>    "HTTPS"<br>  ],<br>  "https-8443-tcp": [<br>    8443,<br>    8443,<br>    "tcp",<br>    "HTTPS"<br>  ],<br>  "ipsec-4500-udp": [<br>    4500,<br>    4500,<br>    "udp",<br>    "IPSEC NAT-T"<br>  ],<br>  "ipsec-500-udp": [<br>    500,<br>    500,<br>    "udp",<br>    "IPSEC ISAKMP"<br>  ],<br>  "kafka-broker-tcp": [<br>    9092,<br>    9092,<br>    "tcp",<br>    "Kafka broker 0.8.2+"<br>  ],<br>  "kafka-broker-tls-tcp": [<br>    9094,<br>    9094,<br>    "tcp",<br>    "Kafka TLS enabled broker 0.8.2+"<br>  ],<br>  "kafka-jmx-exporter-tcp": [<br>    11001,<br>    11001,<br>    "tcp",<br>    "Kafka JMX Exporter"<br>  ],<br>  "kafka-node-exporter-tcp": [<br>    11002,<br>    11002,<br>    "tcp",<br>    "Kafka Node Exporter"<br>  ],<br>  "kibana-tcp": [<br>    5601,<br>    5601,<br>    "tcp",<br>    "Kibana Web Interface"<br>  ],<br>  "kubernetes-api-tcp": [<br>    6443,<br>    6443,<br>    "tcp",<br>    "Kubernetes API Server"<br>  ],<br>  "ldap-tcp": [<br>    389,<br>    389,<br>    "tcp",<br>    "LDAP"<br>  ],<br>  "ldaps-tcp": [<br>    636,<br>    636,<br>    "tcp",<br>    "LDAPS"<br>  ],<br>  "logstash-tcp": [<br>    5044,<br>    5044,<br>    "tcp",<br>    "Logstash"<br>  ],<br>  "memcached-tcp": [<br>    11211,<br>    11211,<br>    "tcp",<br>    "Memcached"<br>  ],<br>  "minio-tcp": [<br>    9000,<br>    9000,<br>    "tcp",<br>    "MinIO"<br>  ],<br>  "mongodb-27017-tcp": [<br>    27017,<br>    27017,<br>    "tcp",<br>    "MongoDB"<br>  ],<br>  "mongodb-27018-tcp": [<br>    27018,<br>    27018,<br>    "tcp",<br>    "MongoDB shard"<br>  ],<br>  "mongodb-27019-tcp": [<br>    27019,<br>    27019,<br>    "tcp",<br>    "MongoDB config server"<br>  ],<br>  "mssql-analytics-tcp": [<br>    2383,<br>    2383,<br>    "tcp",<br>    "MSSQL Analytics"<br>  ],<br>  "mssql-broker-tcp": [<br>    4022,<br>    4022,<br>    "tcp",<br>    "MSSQL Broker"<br>  ],<br>  "mssql-tcp": [<br>    1433,<br>    1433,<br>    "tcp",<br>    "MSSQL Server"<br>  ],<br>  "mssql-udp": [<br>    1434,<br>    1434,<br>    "udp",<br>    "MSSQL Browser"<br>  ],<br>  "mysql-tcp": [<br>    3306,<br>    3306,<br>    "tcp",<br>    "MySQL/Aurora"<br>  ],<br>  "nfs-tcp": [<br>    2049,<br>    2049,<br>    "tcp",<br>    "NFS/EFS"<br>  ],<br>  "nomad-http-tcp": [<br>    4646,<br>    4646,<br>    "tcp",<br>    "Nomad HTTP"<br>  ],<br>  "nomad-rpc-tcp": [<br>    4647,<br>    4647,<br>    "tcp",<br>    "Nomad RPC"<br>  ],<br>  "nomad-serf-tcp": [<br>    4648,<br>    4648,<br>    "tcp",<br>    "Serf"<br>  ],<br>  "nomad-serf-udp": [<br>    4648,<br>    4648,<br>    "udp",<br>    "Serf"<br>  ],<br>  "ntp-udp": [<br>    123,<br>    123,<br>    "udp",<br>    "NTP"<br>  ],<br>  "openvpn-https-tcp": [<br>    443,<br>    443,<br>    "tcp",<br>    "OpenVPN"<br>  ],<br>  "openvpn-tcp": [<br>    943,<br>    943,<br>    "tcp",<br>    "OpenVPN"<br>  ],<br>  "openvpn-udp": [<br>    1194,<br>    1194,<br>    "udp",<br>    "OpenVPN"<br>  ],<br>  "oracle-db-tcp": [<br>    1521,<br>    1521,<br>    "tcp",<br>    "Oracle"<br>  ],<br>  "postgresql-tcp": [<br>    5432,<br>    5432,<br>    "tcp",<br>    "PostgreSQL"<br>  ],<br>  "prometheus-http-tcp": [<br>    9090,<br>    9090,<br>    "tcp",<br>    "Prometheus"<br>  ],<br>  "prometheus-pushgateway-http-tcp": [<br>    9091,<br>    9091,<br>    "tcp",<br>    "Prometheus Pushgateway"<br>  ],<br>  "puppet-tcp": [<br>    8140,<br>    8140,<br>    "tcp",<br>    "Puppet"<br>  ],<br>  "puppetdb-tcp": [<br>    8081,<br>    8081,<br>    "tcp",<br>    "PuppetDB"<br>  ],<br>  "rabbitmq-15672-tcp": [<br>    15672,<br>    15672,<br>    "tcp",<br>    "RabbitMQ"<br>  ],<br>  "rabbitmq-25672-tcp": [<br>    25672,<br>    25672,<br>    "tcp",<br>    "RabbitMQ"<br>  ],<br>  "rabbitmq-4369-tcp": [<br>    4369,<br>    4369,<br>    "tcp",<br>    "RabbitMQ epmd"<br>  ],<br>  "rabbitmq-5671-tcp": [<br>    5671,<br>    5671,<br>    "tcp",<br>    "RabbitMQ"<br>  ],<br>  "rabbitmq-5672-tcp": [<br>    5672,<br>    5672,<br>    "tcp",<br>    "RabbitMQ"<br>  ],<br>  "rdp-tcp": [<br>    3389,<br>    3389,<br>    "tcp",<br>    "Remote Desktop"<br>  ],<br>  "rdp-udp": [<br>    3389,<br>    3389,<br>    "udp",<br>    "Remote Desktop"<br>  ],<br>  "redis-tcp": [<br>    6379,<br>    6379,<br>    "tcp",<br>    "Redis"<br>  ],<br>  "redshift-tcp": [<br>    5439,<br>    5439,<br>    "tcp",<br>    "Redshift"<br>  ],<br>  "saltstack-tcp": [<br>    4505,<br>    4506,<br>    "tcp",<br>    "SaltStack"<br>  ],<br>  "smtp-submission-2587-tcp": [<br>    2587,<br>    2587,<br>    "tcp",<br>    "SMTP Submission"<br>  ],<br>  "smtp-submission-587-tcp": [<br>    587,<br>    587,<br>    "tcp",<br>    "SMTP Submission"<br>  ],<br>  "smtp-tcp": [<br>    25,<br>    25,<br>    "tcp",<br>    "SMTP"<br>  ],<br>  "smtps-2456-tcp": [<br>    2465,<br>    2465,<br>    "tcp",<br>    "SMTPS"<br>  ],<br>  "smtps-465-tcp": [<br>    465,<br>    465,<br>    "tcp",<br>    "SMTPS"<br>  ],<br>  "solr-tcp": [<br>    8983,<br>    8987,<br>    "tcp",<br>    "Solr"<br>  ],<br>  "splunk-hec-tcp": [<br>    8088,<br>    8088,<br>    "tcp",<br>    "Splunk HEC"<br>  ],<br>  "splunk-indexer-tcp": [<br>    9997,<br>    9997,<br>    "tcp",<br>    "Splunk indexer"<br>  ],<br>  "splunk-splunkd-tcp": [<br>    8089,<br>    8089,<br>    "tcp",<br>    "Splunkd"<br>  ],<br>  "splunk-web-tcp": [<br>    8000,<br>    8000,<br>    "tcp",<br>    "Splunk Web"<br>  ],<br>  "squid-proxy-tcp": [<br>    3128,<br>    3128,<br>    "tcp",<br>    "Squid default proxy"<br>  ],<br>  "ssh-tcp": [<br>    22,<br>    22,<br>    "tcp",<br>    "SSH"<br>  ],<br>  "storm-nimbus-tcp": [<br>    6627,<br>    6627,<br>    "tcp",<br>    "Nimbus"<br>  ],<br>  "storm-supervisor-tcp": [<br>    6700,<br>    6703,<br>    "tcp",<br>    "Supervisor"<br>  ],<br>  "storm-ui-tcp": [<br>    8080,<br>    8080,<br>    "tcp",<br>    "Storm UI"<br>  ],<br>  "web-jmx-tcp": [<br>    1099,<br>    1099,<br>    "tcp",<br>    "JMX"<br>  ],<br>  "winrm-http-tcp": [<br>    5985,<br>    5985,<br>    "tcp",<br>    "WinRM HTTP"<br>  ],<br>  "winrm-https-tcp": [<br>    5986,<br>    5986,<br>    "tcp",<br>    "WinRM HTTPS"<br>  ],<br>  "zipkin-admin-query-tcp": [<br>    9901,<br>    9901,<br>    "tcp",<br>    "Zipkin Admin port query"<br>  ],<br>  "zipkin-admin-tcp": [<br>    9990,<br>    9990,<br>    "tcp",<br>    "Zipkin Admin port collector"<br>  ],<br>  "zipkin-admin-web-tcp": [<br>    9991,<br>    9991,<br>    "tcp",<br>    "Zipkin Admin port web"<br>  ],<br>  "zipkin-query-tcp": [<br>    9411,<br>    9411,<br>    "tcp",<br>    "Zipkin query port"<br>  ],<br>  "zipkin-web-tcp": [<br>    8080,<br>    8080,<br>    "tcp",<br>    "Zipkin web port"<br>  ],<br>  "zookeeper-2181-tcp": [<br>    2181,<br>    2181,<br>    "tcp",<br>    "Zookeeper"<br>  ],<br>  "zookeeper-2888-tcp": [<br>    2888,<br>    2888,<br>    "tcp",<br>    "Zookeeper"<br>  ],<br>  "zookeeper-3888-tcp": [<br>    3888,<br>    3888,<br>    "tcp",<br>    "Zookeeper"<br>  ],<br>  "zookeeper-jmx-tcp": [<br>    7199,<br>    7199,<br>    "tcp",<br>    "JMX"<br>  ]<br>}</pre> | no |
 | <a name="input_security_group_id"></a> [security\_group\_id](#input\_security\_group\_id) | ID of existing security group whose rules we will manage | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
+| <a name="input_timeout_create"></a> [timeout_create](#input\_timeout\_create) | Time to wait for a security group to be created | `string` | `10m` | no |
+| <a name="input_timeout_delete"></a> [timeout_delete](#input\_timeout\_delete) | Time to wait for a security group to be deleted | `string` | `15m` | no |
 | <a name="input_use_name_prefix"></a> [use\_name\_prefix](#input\_use\_name\_prefix) | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC where to create security group | `string` | `null` | no |
 
diff --git a/main.tf b/main.tf
@@ -22,6 +22,11 @@ resource "aws_security_group" "this" {
     },
     var.tags,
   )
+
+  timeouts {
+    create = var.timeout_create
+    delete = var.timeout_delete
+  }
 }
 
 #################################
@@ -45,6 +50,11 @@ resource "aws_security_group" "this_name_prefix" {
   lifecycle {
     create_before_destroy = true
   }
+
+  timeouts {
+    create = var.timeout_create
+    delete = var.timeout_delete
+  }
 }
 
 ###################################
diff --git a/variables.tf b/variables.tf
@@ -55,6 +55,18 @@ variable "tags" {
   default     = {}
 }
 
+variable "timeout_create" {
+  description = "Time to wait for a security group to be created"
+  type        = string
+  default     = "10m"
+}
+
+variable "timeout_delete" {
+  description = "Time to wait for a security group to be deleted"
+  type        = string
+  default     = "15m"
+}
+
 ##########
 # Ingress
 ##########

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,11 @@ resource "aws_security_group" "this" {`
`22`	`22`	`},`
`23`	`23`	`var.tags,`
`24`	`24`	`)`
	`25`	`+`
	`26`	`+ timeouts {`
	`27`	`+ create = var.timeout_create`
	`28`	`+ delete = var.timeout_delete`
	`29`	`+ }`
`25`	`30`	`}`
`26`	`31`
`27`	`32`	`#################################`
`@@ -45,6 +50,11 @@ resource "aws_security_group" "this_name_prefix" {`
`45`	`50`	`lifecycle {`
`46`	`51`	`create_before_destroy = true`
`47`	`52`	`}`
	`53`	`+`
	`54`	`+ timeouts {`
	`55`	`+ create = var.timeout_create`
	`56`	`+ delete = var.timeout_delete`
	`57`	`+ }`
`48`	`58`	`}`
`49`	`59`
`50`	`60`	`###################################`