This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

EndpointSG should only be created when VPC endpoints are defined #1

Status: Open. Wants to merge 1 commit into base branch master.

Conversation

bobmacks

@bobmacks bobmacks commented Nov 6, 2020

EndpointSG should only be created if VPC endpoints are in-use.
Set SGs to only be created if var.vpc_endpoint is not an empty list

@bobmacks bobmacks changed the title EndpointSG should only be created VPC endpoints are in-use EndpointSG should only be created when VPC endpoints are defined Nov 6, 2020

@sobil sobil left a comment


This would be good.

```hcl
  name        = "EndpointSG"
  description = "Allow inbound and outbound traffic for VPC endpoint"
  vpc_id      = aws_vpc.main.id
}

resource "aws_security_group_rule" "allow_all_ingress" {
  # Same guard as the security group: create the rule only when endpoints are defined
  count       = length(var.vpc_endpoints) != 0 ? 1 : 0
  type        = "ingress"
  from_port   = 0
  to_port     = 0
  protocol    = "-1"
  cidr_blocks = ["0.0.0.0/0"]  # any source; the suggestion below narrows this to the VPC CIDR
```

can we sneak this fix in too?

Suggested change
cidr_blocks = ["0.0.0.0/0"]
cidr_blocks = [var.vpc_cidr_block]
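A complete configuration applying both changes discussed in this thread, as an added example and not code from this repository: the security group, its rule and the interface endpoints share one guard derived from var.vpc_endpoints, and ingress is limited to the VPC CIDR instead of 0.0.0.0/0. The variables region and private_subnet_ids and the resource names endpoint and interface are assumptions.

```hcl
variable "vpc_endpoints" {
  type    = list(string) # e.g. ["ssm", "ec2messages"]; an empty list creates no SG
  default = []
}
variable "vpc_cidr_block" { type = string }
variable "region" { type = string }                   # assumed variable
variable "private_subnet_ids" { type = list(string) } # assumed variable

resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr_block
}

locals {
  # Single guard shared by every resource that only makes sense with endpoints
  create_endpoint_sg = length(var.vpc_endpoints) != 0
}

resource "aws_security_group" "endpoint" {
  count       = local.create_endpoint_sg ? 1 : 0
  name        = "EndpointSG"
  description = "Allow traffic from inside the VPC to interface endpoints"
  vpc_id      = aws_vpc.main.id
}

resource "aws_security_group_rule" "allow_vpc_ingress" {
  count             = local.create_endpoint_sg ? 1 : 0
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = [var.vpc_cidr_block] # VPC-local sources only, not 0.0.0.0/0
  # count-indexed reference: index [0] exists only when the guard is true
  security_group_id = aws_security_group.endpoint[0].id
}

resource "aws_vpc_endpoint" "interface" {
  for_each            = toset(var.vpc_endpoints) # zero endpoints -> zero instances
  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.${var.region}.${each.value}"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  private_dns_enabled = true
  security_group_ids  = [aws_security_group.endpoint[0].id]
}
```

With var.vpc_endpoints empty, terraform plan creates the VPC alone; adding a service name to the list brings up the group, the VPC-scoped rule and the endpoint together.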
