Merge pull request #60 from bwalendz/sgr-allow-empty-cidrs

[nomad-security-group-rules] allow empty list of allowed inbound CIDRs
hashicorp · Feb 26, 2020 · 5ecf115 · 5ecf115
2 parents 3b553ca + deb2d8b
commit 5ecf115
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/modules/nomad-security-group-rules/main.tf b/modules/nomad-security-group-rules/main.tf
@@ -11,6 +11,7 @@ terraform {
 }
 
 resource "aws_security_group_rule" "allow_http_inbound" {
+  count       = length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.http_port
   to_port     = var.http_port
@@ -21,6 +22,7 @@ resource "aws_security_group_rule" "allow_http_inbound" {
 }
 
 resource "aws_security_group_rule" "allow_rpc_inbound" {
+  count       = length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.rpc_port
   to_port     = var.rpc_port
@@ -31,6 +33,7 @@ resource "aws_security_group_rule" "allow_rpc_inbound" {
 }
 
 resource "aws_security_group_rule" "allow_serf_tcp_inbound" {
+  count       = length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.serf_port
   to_port     = var.serf_port
@@ -41,6 +44,7 @@ resource "aws_security_group_rule" "allow_serf_tcp_inbound" {
 }
 
 resource "aws_security_group_rule" "allow_serf_udp_inbound" {
+  count       = length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.serf_port
   to_port     = var.serf_port