From fbbac86345400f20119846f45d404f1e2e90518b Mon Sep 17 00:00:00 2001
From: Bayron Carranza
Date: Mon, 18 Dec 2023 13:18:53 -0600
Subject: [PATCH] Msk feature 2 (#452)

* Create your own security group for msk
* passing variables
---
 terraform-modules/aws/msk_1.0.9/main.tf | 2 ++
 terraform-modules/aws/msk_1.0.9/variables.tf | 15 +++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/terraform-modules/aws/msk_1.0.9/main.tf b/terraform-modules/aws/msk_1.0.9/main.tf
index 79d0712b8..0553bb520 100644
--- a/terraform-modules/aws/msk_1.0.9/main.tf
+++ b/terraform-modules/aws/msk_1.0.9/main.tf
@@ -144,6 +144,8 @@ module "msk" {
 multi_vpc_connectivity_iam_enabled = var.multi_vpc_connectivity_iam_enabled
 properties = var.properties
 allowed_security_group_ids = var.allowed_security_group_ids
+ associated_security_group_ids = var.associated_security_group_ids
+ create_security_group = var.create_security_group
 depends_on = [
 aws_cloudwatch_log_group.msk_cloudwatch_log_group,
 aws_s3_bucket.this,
diff --git a/terraform-modules/aws/msk_1.0.9/variables.tf b/terraform-modules/aws/msk_1.0.9/variables.tf
index 46d4ae012..13b15291b 100644
--- a/terraform-modules/aws/msk_1.0.9/variables.tf
+++ b/terraform-modules/aws/msk_1.0.9/variables.tf
@@ -117,6 +117,21 @@ variable "allowed_security_group_ids" {
 description = "The security_group_id_list output from the security_groups module"
 }
 
+variable "create_security_group" {
+ type = bool
+ description = "Set `true` to create and configure a new security group. If false, `associated_security_group_ids` must be provided."
+ default = true
+}
+
+variable "associated_security_group_ids" {
+ type = list(string)
+ description = <<-EOT
+ A list of IDs of Security Groups to associate the created resource with, in addition to the created security group.
+ These security groups will not be modified and, if `create_security_group` is `false`, must have rules providing the desired access.
+ EOT
+ default = []
+}
+
 variable "client_tls_auth_enabled" {
 type = bool
 description = "Set true to enable the Client TLS Authentication"
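Review bot: Nothing enforces the rule stated in the `create_security_group` description: with `create_security_group = false` and `associated_security_group_ids` left at its default `[]`, the inputs are accepted as-is. What the brokers end up attached to then depends on how the upstream module and AWS treat an empty list, which may be an apply-time failure or a security group nobody reviewed for Kafka access. Add a guard with `condition = var.create_security_group || length(var.associated_security_group_ids) > 0`, either in a `validation` block on `associated_security_group_ids` if the module requires Terraform 1.9 or later (needed for cross-variable references), or as a `lifecycle` `precondition` on one of the resources in main.tf. Presumably `allowed_security_group_ids` only produces ingress rules on the created group, so it would be silently ignored when creation is disabled; if that is confirmed against the upstream module, its description should say so.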