Conversation

@kirkchong kirkchong commented Oct 4, 2025

Description

This PR changes the use of aws_security_group_rule to aws_vpc_security_ingress/egress_rule

Motivation and Context

As discussed in 327, switching to use aws_vpc_ingress/egress_rule will allow the usage of tags and is the recommended way going forward.

Breaking Changes

A full rename of variables and fields, as it's a change of resources, and to keep the naming pattern consistent.
Notably:

  • variable name changes as per variables.tf
  • field name changes
    {
      from_port   = 15
      to_port     = 25
      ip_protocol = 6 # changed from protocol
      description = "Service name with vpc cidr"
      cidr_ipv4   = module.vpc.vpc_cidr_block # changed from cidr_blocks
    },
    {
      from_port   = 300
      to_port     = 400
      ip_protocol = "tcp"
      description = "Service ports (ipv6)"
      cidr_ipv6   = "2001:db8::/64" # changed from ipv6_cidr_blocks
    },
    {
      from_port                    = 10
      to_port                      = 10
      ip_protocol                  = 6
      description                  = "Service name"
      referenced_security_group_id = data.aws_security_group.default.id # changed from source_security_group_id
    },
  • comma separated values like in cidr_blocks are no longer possible
    ingress_with_cidr_ipv4 = [
      {
        rule      = "postgresql-tcp"
        cidr_ipv4 = "0.0.0.0/0" # "0.0.0.0/0,1.1.1.1/32" is no longer possible
      },
    ]

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects

I tested the changes individually for each resource with multiple configurations (e.g. 2 prefix lists * 3 ingress rules etc.)
I do intend to squash my commits, please go through them individually as I find it easier to review.
My constraints while writing this: "aws_security_group" allows for multiple fields of multiple values, such as having prefix_list_ids and cidr_blocks="1.1.1.1/32,0.0.0.0/0", for aws_vpc_security_ingress, only one field and one value is supported.
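The one-field-one-value constraint described above, shown as an added example that is not code from this PR or from the module: the same PostgreSQL ingress rule written once with the legacy `aws_security_group_rule` resource and once with the provider's `aws_vpc_security_group_ingress_rule`, which carries tags and accepts exactly one source per rule. The `var.vpc_id` and `var.app_tier_sg_id` variables, the security group name and the CIDR values are placeholders; the two blocks are placed side by side only for comparison, and in a real migration the legacy block is removed rather than applied together with the new ones.

```hcl
# Added example (not from this PR or the terraform-aws-security-group module):
# legacy aws_security_group_rule beside aws_vpc_security_group_ingress_rule,
# with the per-source fan-out that the one-value-per-rule constraint requires.
# All names and addresses below are constructed placeholders.

locals {
  # Constructed sample: two sources that the legacy resource accepted as a
  # single cidr_blocks list (the "comma-separated" form in the module's old input).
  allowed_cidrs = ["10.0.0.0/16", "192.0.2.10/32"]
}

resource "aws_security_group" "app" {
  name   = "app-sg-example"
  vpc_id = var.vpc_id # assumed variable
}

# Before: one resource carries several CIDRs, and the rule itself has no tags argument.
resource "aws_security_group_rule" "legacy_postgres" {
  type              = "ingress"
  security_group_id = aws_security_group.app.id
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = local.allowed_cidrs
  description       = "PostgreSQL from trusted ranges"
}

# After: one resource per (rule, source). for_each over the CIDR set gives each
# source its own state key, so removing one range does not recreate the others,
# and each rule can be tagged for inventory and audit.
resource "aws_vpc_security_group_ingress_rule" "postgres" {
  for_each = toset(local.allowed_cidrs)

  security_group_id = aws_security_group.app.id
  ip_protocol       = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_ipv4         = each.value # exactly one of cidr_ipv4 / cidr_ipv6 /
                                 # prefix_list_id / referenced_security_group_id
  description       = "PostgreSQL from trusted ranges"

  tags = {
    Name    = "postgres-from-${each.key}"
    Purpose = "database-access"
  }
}

# A security-group source cannot share a rule with a CIDR source, so it becomes
# a separate resource (the old source_security_group_id field).
resource "aws_vpc_security_group_ingress_rule" "postgres_from_app_tier" {
  security_group_id            = aws_security_group.app.id
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
  referenced_security_group_id = var.app_tier_sg_id # assumed variable
  description                  = "PostgreSQL from app tier"

  tags = {
    Name    = "postgres-from-app-tier"
    Purpose = "database-access"
  }
}
```

Because every `aws_vpc_security_group_ingress_rule` maps to exactly one rule in AWS, a `terraform plan` diff shows precisely which source is being opened or closed, which is easier to review than a change buried inside a multi-CIDR list.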

@kirkchong kirkchong changed the title Feat/upgrade to aws vpc security group rule feat: upgrade to aws vpc security group rule Oct 4, 2025
@kirkchong kirkchong changed the title feat: upgrade to aws vpc security group rule feat: Upgrade to aws vpc security group rule Oct 4, 2025