From 0b6e249021aeb5f064323abfa9de42fb619323e5 Mon Sep 17 00:00:00 2001
From: PePe Amengual
Date: Thu, 7 Nov 2019 20:23:36 -0800
Subject: [PATCH] Adding the option to defina an empty ALB SGs (#40)

* Adding the option to defina an empty ALB SGs
* fixning security group rules
* Adding default for alb_sg and updating readme
* Adding var.use_alb_security_group
* Updatind readme for new var.use_alb_security_group
* removing != from conditional since if not needed
---
 README.md | 3 ++-
 docs/terraform.md | 3 ++-
 main.tf | 2 +-
 variables.tf | 7 +++++++
 4 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 933ad8e7..ddb976a6 100644
--- a/README.md
+++ b/README.md
@@ -181,7 +181,7 @@ Available targets:
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| alb_security_group | Security group of the ALB | string | - | yes |
+| alb_security_group | Security group of the ALB | string | `` | no |
 | assign_public_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | bool | `false` | no |
 | attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no |
 | container_definition_json | The JSON of the task container definition | string | - | yes |
@@ -214,6 +214,7 @@ Available targets:
 | task_cpu | The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | number | `256` | no |
 | task_memory | The amount of memory (in MiB) used by the task. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | number | `512` | no |
 | task_placement_constraints | A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#placement-constraints-arguments | object | `` | no |
+| use_alb_security_group | A flag to enable/disable adding the ingress rule to the ALB security group | bool | `false` | no |
 | volumes | Task volume definitions as list of configuration objects | object | `` | no |
 | vpc_id | The VPC ID where resources are created | string | - | yes |
diff --git a/docs/terraform.md b/docs/terraform.md
index 8a9e3b01..0a74da21 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -2,7 +2,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| alb_security_group | Security group of the ALB | string | - | yes |
+| alb_security_group | Security group of the ALB | string | `` | no |
 | assign_public_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | bool | `false` | no |
 | attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no |
 | container_definition_json | The JSON of the task container definition | string | - | yes |
@@ -35,6 +35,7 @@
 | task_cpu | The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | number | `256` | no |
 | task_memory | The amount of memory (in MiB) used by the task. If using Fargate launch type `task_memory` must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | number | `512` | no |
 | task_placement_constraints | A set of placement constraints rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. See `placement_constraints` docs https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html#placement-constraints-arguments | object | `` | no |
+| use_alb_security_group | A flag to enable/disable adding the ingress rule to the ALB security group | bool | `false` | no |
 | volumes | Task volume definitions as list of configuration objects | object | `` | no |
 | vpc_id | The VPC ID where resources are created | string | - | yes |
diff --git a/main.tf b/main.tf
index d1112d07..84cc686b 100644
--- a/main.tf
+++ b/main.tf
@@ -223,7 +223,7 @@ resource "aws_security_group_rule" "allow_icmp_ingress" {
 }
 
 resource "aws_security_group_rule" "alb" {
-  count = var.enabled ? 1 : 0
+  count = var.enabled && var.use_alb_security_group ? 1 : 0
   type = "ingress"
   from_port = 0
   to_port = var.container_port
diff --git a/variables.tf b/variables.tf
index fe7ed64e..b60bc95b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -47,6 +47,7 @@ variable "vpc_id" {
 variable "alb_security_group" {
   type = string
   description = "Security group of the ALB"
+  default = ""
 }
 
 variable "ecs_cluster_arn" {
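Review bot: Gating the `alb` rule on `var.use_alb_security_group`, whose new default is `false`, silently destroys the ALB ingress rule for every existing caller that upgrades without setting the flag, so a service that was reachable from the ALB loses that path on the next apply; either keep the old behaviour with `default = true` or state the migration explicitly in the README row for the new variable. The unchanged context line `from_port = 0` together with `to_port = var.container_port` admits every port from 0 through the container port from the ALB side rather than the single port the service listens on; unless the wider range is deliberate, `from_port = var.container_port` keeps the rule at least privilege. The `&&` in the new count expression binds tighter than `? :` in HCL, so the condition reads as intended, but wrapping it as `(var.enabled && var.use_alb_security_group) ? 1 : 0` would spare the next reader the precedence check. The rest of the `alb` resource body continues past the end of the hunk.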
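Review bot: `alb_security_group` becomes optional with an empty-string default, but its description still reads as a plain required input and nothing ties it to the flag that now decides whether it is consumed; when `use_alb_security_group` is `true` and this stays `""`, the error (presumably from the source-security-group reference in the `alb` rule, which is outside this hunk) only surfaces at apply time. I would change the line to `description = "Security group of the ALB. Must be set when use_alb_security_group is true"` so the coupling is visible in the generated docs as well. The enclosing `variable` block is fully inside the hunk.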
@@ -234,3 +235,9 @@ variable "service_registries" {
   description = "The service discovery registries for the service. The maximum number of service_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - `aws_service_discovery_service`; see `service_registries` docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1"
   default = []
 }
+
+variable "use_alb_security_group" {
+  type = bool
+  description = "A flag to enable/disable adding the ingress rule to the ALB security group"
+  default = false
+}
\ No newline at end of file
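Review bot: `variables.tf` now ends without a trailing newline (`\ No newline at end of file`), which `terraform fmt` will keep touching in later commits; add the newline after the closing `}`. The description says the rule is added "to the ALB security group", yet the resource it gates is named `alb` and, if it follows the other `aws_security_group_rule` resources in `main.tf` (not visible here), it is an ingress rule on the service security group with the ALB group as source, i.e. the opposite direction — if so, `description = "A flag to enable/disable the ingress rule that allows traffic from the ALB security group into the service security group"` describes what it actually controls, and the same wording should go into the README and docs/terraform.md rows. It would also help to note in the description that `alb_security_group` must be set when this is `true`.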