diff --git a/README.md b/README.md
index e7a2b40..2dda362 100644
--- a/README.md
+++ b/README.md
@@ -179,6 +179,7 @@ No modules.
| [volume\_size](#input\_volume\_size) | Volume size of ebs storage. | `number` | `10` | no |
| [volume\_type](#input\_volume\_type) | Volume type of ebs storage. | `string` | `"gp2"` | no |
| [vpc](#input\_vpc) | VPC ID | `string` | `""` | no |
+| [create_default_sg](#input\_create_default_sg) | Creates default security group if value is true | `bool` | `true` | no |
| [zone\_id](#input\_zone\_id) | Route 53 Zone id. | `string` | `""` | no |
## Outputs
diff --git a/main.tf b/main.tf
index 0c82829..4e1f6b8 100644
--- a/main.tf
+++ b/main.tf
@@ -29,7 +29,7 @@ resource "aws_ssm_parameter" "opensearch_master_user" {
}
resource "aws_security_group" "es" {
- count = var.inside_vpc ? 1 : 0
+ count = var.inside_vpc && var.create_default_sg ? 1 : 0
name = var.default_security_group_name == "" ? "${var.vpc}-elasticsearch" : var.default_security_group_name
description = "Managed by Terraform"
vpc_id = data.aws_vpc.selected[0].id
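Review bot: With `count` now able to be 0 inside a VPC, any other reference to `aws_security_group.es[0]` in main.tf becomes a plan-time error when `create_default_sg` is false, and this commit only updates the one in `vpc_options`. The resource body and the rest of the file are outside the hunk, so I cannot see whether rules or outputs index it; if they do, they need the same guard or a splat such as `one(aws_security_group.es[*].id)`. Parenthesising the condition, `count = (var.inside_vpc && var.create_default_sg) ? 1 : 0`, would also make the intended precedence explicit.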
@@ -83,7 +83,7 @@ resource "aws_opensearch_domain" "opensearch" {
for_each = var.inside_vpc ? [1] : []
content {
subnet_ids = var.subnet_ids
- security_group_ids = concat(var.sg_ids == "" ? [] : [var.sg_ids], [aws_security_group.es[0].id])
+ security_group_ids = concat(var.sg_ids == "" ? [] : [var.sg_ids], var.create_default_sg == true ? [aws_security_group.es[0].id] : [])
}
}
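Review bot: When `create_default_sg` is false and `sg_ids` is left at `""`, `security_group_ids` on the new line evaluates to an empty list. As far as I know the AWS provider then falls back to the VPC's default security group, which is typically broader than a group scoped to this domain. A `lifecycle` `precondition` on the domain with `condition = !var.inside_vpc || var.create_default_sg || var.sg_ids != ""` would turn that silent fallback into an explicit error. The `== true` comparison can be dropped by using a splat, `concat(var.sg_ids == "" ? [] : [var.sg_ids], aws_security_group.es[*].id)`, which is empty when the group is not created. The `aws_opensearch_domain` block starts and ends outside this hunk.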
diff --git a/variables.tf b/variables.tf
index 8b8bf67..b7716c6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -253,4 +253,10 @@ variable "default_security_group_name" {
type = string
default = ""
description = "Default security group name"
+}
+
+variable "create_default_sg" {
+ type = bool
+ default = true
+ description = "Creates default security group if value is true"
}
\ No newline at end of file
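Review bot: The description of `create_default_sg` does not tell the caller what protects the domain endpoint once the flag is false. I would word it as `description = "Create the module-managed security group for the domain. When false, supply your own group through sg_ids."` so the dependency on `sg_ids` is visible where the flag is set. The file also now ends without a trailing newline.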