Commit
Enable or disable the default security group (#70)
* Add option for var.sg_default_enabled

* Add option for var.sg_default_enabled

* Auto Format

* Change name to security_group_enabled

* Update variables.tf

* Auto Format

Co-authored-by: cloudpossebot <[email protected]>
nitrocode and cloudpossebot authored Jan 27, 2021
1 parent 5ddd35e commit 166a0a0
Showing 4 changed files with 12 additions and 4 deletions.
1 change: 1 addition & 0 deletions README.md
@@ -233,6 +233,7 @@ Available targets:
| noncurrent\_version\_expiration\_days | Specifies when noncurrent s3 log versions expire | `number` | `90` | no |
| noncurrent\_version\_transition\_days | Specifies when noncurrent s3 log versions transition | `number` | `30` | no |
| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| security\_group\_enabled | Enables the security group | `bool` | `true` | no |
| security\_group\_ids | A list of additional security group IDs to allow access to ALB | `list(string)` | `[]` | no |
| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| standard\_transition\_days | Number of days to persist logs in standard storage tier before moving to the infrequent access tier | `number` | `30` | no |
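Review bot: the description `Enables the security group` in the new `security_group_enabled` row does not tell the reader what turning it off does. From the `main.tf` hunk, `false` skips `aws_security_group.default` together with its egress, HTTP and HTTPS ingress rules, so access to the ALB then depends entirely on `security_group_ids`; suggest wording such as `Enables the default security group and its rules; when false, supply your own via security_group_ids`. The same row is added to `docs/terraform.md`, so keep both copies identical.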
1 change: 1 addition & 0 deletions docs/terraform.md
@@ -67,6 +67,7 @@
| noncurrent\_version\_expiration\_days | Specifies when noncurrent s3 log versions expire | `number` | `90` | no |
| noncurrent\_version\_transition\_days | Specifies when noncurrent s3 log versions transition | `number` | `30` | no |
| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| security\_group\_enabled | Enables the security group | `bool` | `true` | no |
| security\_group\_ids | A list of additional security group IDs to allow access to ALB | `list(string)` | `[]` | no |
| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| standard\_transition\_days | Number of days to persist logs in standard storage tier before moving to the infrequent access tier | `number` | `30` | no |
8 changes: 4 additions & 4 deletions main.tf
@@ -1,13 +1,13 @@
resource "aws_security_group" "default" {
count = module.this.enabled ? 1 : 0
count = module.this.enabled && var.security_group_enabled ? 1 : 0
description = "Controls access to the ALB (HTTP/HTTPS)"
vpc_id = var.vpc_id
name = module.this.id
tags = module.this.tags
}

resource "aws_security_group_rule" "egress" {
count = module.this.enabled ? 1 : 0
count = module.this.enabled && var.security_group_enabled ? 1 : 0
type = "egress"
from_port = "0"
to_port = "0"
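Review bot: with `count` on `aws_security_group.default` now able to be 0 while `module.this.enabled` is true, any consumer that indexes `aws_security_group.default[0].id` (the ALB's `security_groups` argument is the obvious one, and it is not shown in this diff) will fail at plan time when `security_group_enabled = false`; please confirm it uses a splat such as `concat(aws_security_group.default.*.id, var.security_group_ids)` so the list simply shrinks instead. Also, nothing here prevents `security_group_enabled = false` combined with an empty `security_group_ids`, which leaves the ALB with no module-managed security group at all; that combination deserves at least a sentence in the variable description.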
@@ -17,7 +17,7 @@ resource "aws_security_group_rule" "egress" {
}

resource "aws_security_group_rule" "http_ingress" {
count = module.this.enabled && var.http_enabled ? 1 : 0
count = module.this.enabled && var.security_group_enabled && var.http_enabled ? 1 : 0
type = "ingress"
from_port = var.http_port
to_port = var.http_port
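Review bot: the condition `module.this.enabled && var.security_group_enabled && ...` is now repeated, with variations, across four resources (`default`, `egress`, `http_ingress`, `https_ingress`); a single `locals` entry such as `security_group_enabled = module.this.enabled && var.security_group_enabled`, referenced here as `local.security_group_enabled && var.http_enabled ? 1 : 0`, would keep the four from drifting apart when the next flag is added. Precedence is fine as written, since `&&` binds tighter than the conditional `? :`.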
@@ -28,7 +28,7 @@ resource "aws_security_group_rule" "http_ingress" {
}

resource "aws_security_group_rule" "https_ingress" {
count = module.this.enabled && var.https_enabled ? 1 : 0
count = module.this.enabled && var.security_group_enabled && var.https_enabled ? 1 : 0
type = "ingress"
from_port = var.https_port
to_port = var.https_port
6 changes: 6 additions & 0 deletions variables.tf
@@ -288,3 +288,9 @@ variable "additional_certs" {
description = "A list of additonal certs to add to the https listerner"
default = []
}

variable "security_group_enabled" {
type = bool
description = "Enables the security group"
default = true
}
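Review bot: `description = "Enables the security group"` should say which security group and what `false` does, since the module also accepts `security_group_ids`; suggest `Whether to create the default security group and its HTTP/HTTPS ingress and egress rules. Set to false to manage access solely through security_group_ids`. Because the commit message records a rename from `sg_default_enabled` to `security_group_enabled`, double-check that no other file still references the old name. The `additional_certs` context line just above also carries two pre-existing typos, `additonal` and `listerner`, worth fixing in a follow-up.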

0 comments on commit 166a0a0
