Merge pull request #18 from DNXLabs/feature/allow_cidrs

Feature/allow_security_groups
DNXLabs · Apr 21, 2022 · c471fbc · c471fbc
2 parents 827c37d + 54a7d06
commit c471fbc
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@
 |------|-------------|------|---------|:--------:|
 | allocated\_storage | Storage size in GB | `number` | `null` | no |
 | allow\_cidrs | List of CIDRs to allow connection to this DB | `list(string)` | `[]` | no |
-| allow\_security\_group\_ids | List of Security Group IDs to allow connection to this DB | `list(string)` | `[]` | no |
+| allow\_security\_group\_ids | List of Security Group IDs to allow connection to this DB | <pre>list(object({<br>    security_group_id = string<br>    description = string<br>    name = string<br>  }))</pre> | `[]` | no |
 | apply\_immediately | Apply changes immediately or wait for the maintainance window | `bool` | `true` | no |
 | backup | Enables automatic backup with AWS Backup | `bool` | n/a | yes |
 | backup\_window | (RDS Only) The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance\_window | `string` | `"03:00-03:30"` | no |

diff --git a/_variables.tf b/_variables.tf
@@ -19,7 +19,11 @@ variable "iam_database_authentication_enabled" {
 }
 
 variable "allow_security_group_ids" {
-  type        = list(string)
+  type        = list(object({
+    security_group_id = string
+    description = string
+    name = string
+  }))
   description = "List of Security Group IDs to allow connection to this DB"
   default     = []
 }

diff --git a/sg.tf b/sg.tf
@@ -19,15 +19,15 @@ resource "aws_security_group_rule" "rds_db_inbound_cidrs" {
   description       = "From CIDR ${join(", ", var.allow_cidrs)}"
 }
 
-resource "aws_security_group_rule" "rds_db_inbound_ecs" {
-  count                    = length(var.allow_security_group_ids)
+resource "aws_security_group_rule" "rds_db_inbound_from_sg" {
+  for_each                 = { for security_group_id in var.allow_security_group_ids : security_group_id.name => security_group_id }
   type                     = "ingress"
   from_port                = var.port
   to_port                  = var.port
   protocol                 = "tcp"
-  source_security_group_id = var.allow_security_group_ids[count.index]
+  source_security_group_id = each.value.security_group_id
   security_group_id        = aws_security_group.rds_db.id
-  description              = "From ECS Nodes"
+  description              = try(each.value.description, "From ${each.value.security_group_id}")
 }
 
 resource "aws_security_group_rule" "egress_rule" {