
fix: Allow default_security_group to have no rules #1123

Commits on Sep 30, 2024

  1. Allow default_security_group to have no rules

    The current implementation of the aws_default_security_group
    uses dynamic blocks for both ingress and egress rules. If no
    rules are passed in, then no dynamic blocks are generated,
    and no pre-existing rules are changed. In order to implement the
    CIS benchmark of no rules, the aws_default_security_group
    resource needs to be created passing empty lists as ingress
    and egress rules.
    
    This commit updates the default ingress/egress rules to be
    those AWS uses when it initially creates the default SG.
    It then sets the boolean local.empty_default_security_group
    if both ingress and egress rules passed in are empty lists.
    Finally it conditionally creates an empty aws_default_security_group
    resource if local.empty_default_security_group is true. If
    local.empty_default_security_group is false, the original
    aws_default_security_group resource is utilized.
    Britt Houser authored and Britt Houser committed Sep 30, 2024
    0b0b3c8
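The two-resource pattern the commit message describes, written out as an added Terraform example. This is an illustration, not the module's own code: the variable names, the local name, the resource labels, the `aws_vpc.this` resource and the Terraform 1.3+ `optional()` object attributes are all assumptions made here. The behaviour it relies on is the one the commit message states: zero dynamic blocks leave the ingress/egress attributes unset and the pre-existing AWS rules untouched, whereas an explicit empty list strips them.

```hcl
# Added illustration of the pattern, not the module's own code.
# Assumed names: the two variables, local.empty_default_security_group,
# aws_vpc.this and the resource labels. optional() needs Terraform >= 1.3.

variable "default_security_group_ingress" {
  description = "Ingress rules for the VPC default SG. Pass [] here AND in the egress variable to remove every rule."
  type = list(object({
    protocol    = string
    from_port   = number
    to_port     = number
    self        = optional(bool, false)
    cidr_blocks = optional(list(string), [])
  }))
  # Assumed default: the rule AWS places on a new default SG
  # (all traffic from other members of the same group).
  default = [{ protocol = "-1", from_port = 0, to_port = 0, self = true }]
}

variable "default_security_group_egress" {
  description = "Egress rules for the VPC default SG. Pass [] here AND in the ingress variable to remove every rule."
  type = list(object({
    protocol    = string
    from_port   = number
    to_port     = number
    self        = optional(bool, false)
    cidr_blocks = optional(list(string), [])
  }))
  # Assumed default: the rule AWS places on a new default SG
  # (all traffic out to anywhere).
  default = [{ protocol = "-1", from_port = 0, to_port = 0, cidr_blocks = ["0.0.0.0/0"] }]
}

# Constructed VPC so the example is self-contained.
resource "aws_vpc" "this" {
  cidr_block = "10.0.0.0/16"
}

locals {
  # True only when the caller asked for no rules in BOTH directions.
  empty_default_security_group = (
    length(var.default_security_group_ingress) == 0 &&
    length(var.default_security_group_egress) == 0
  )
}

# Normal path: rules rendered with dynamic blocks. An empty input list
# yields zero blocks, the attribute stays unset, and the provider leaves
# whatever rules AWS already created on the default SG in place. That is
# why this resource cannot be used for the "no rules" case.
resource "aws_default_security_group" "this" {
  count  = local.empty_default_security_group ? 0 : 1
  vpc_id = aws_vpc.this.id

  dynamic "ingress" {
    for_each = var.default_security_group_ingress
    content {
      protocol    = ingress.value.protocol
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      self        = ingress.value.self
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  dynamic "egress" {
    for_each = var.default_security_group_egress
    content {
      protocol    = egress.value.protocol
      from_port   = egress.value.from_port
      to_port     = egress.value.to_port
      self        = egress.value.self
      cidr_blocks = egress.value.cidr_blocks
    }
  }
}

# "No rules" path: ingress and egress are assigned as explicit empty lists
# (attribute-as-block syntax). The provider sees the attributes as set to
# nothing and removes every rule, which is what the CIS check expects.
resource "aws_default_security_group" "empty" {
  count  = local.empty_default_security_group ? 1 : 0
  vpc_id = aws_vpc.this.id

  ingress = []
  egress  = []
}
```

Calling the module with `default_security_group_ingress = []` and `default_security_group_egress = []` selects the `empty` resource. One caveat that follows directly from the design: if only one of the two lists is empty, the dynamic-block resource is used and that direction's pre-existing AWS rule is left in place, because nothing is rendered for it. After apply, confirm the default group really is empty with `aws ec2 describe-security-groups --group-ids <default-sg-id> --query 'SecurityGroups[0].[IpPermissions,IpPermissionsEgress]'`, which should print two empty lists.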

Commits on Oct 1, 2024

  1. Add example VPC creation with empty default security group

    Britt Houser authored and Britt Houser committed Oct 1, 2024
    6cebe30