feat: Add support for creating a security group along with the load balancer

[bryantbiggs]

Description

• Add support for creating a security group along with the load balancer

Motivation and Context

• All ALBs created require a security group which then means another module definition for users. Instead, this now adds the ability to add the necessary rules directly into the ALB module. In the future, I'd like to look at mapping the listeners into rules to where users only need to specify the port and protocol once and this will create the necessary network access (they will still have to add CIDR blocks, etc., to know where that traffic is coming from or going to, but the port and protocol won't be duplicated)

Breaking Changes

• No

How Has This Been Tested?

• I have updated at least one of the examples/* to demonstrate and validate my change(s)
• I have tested and validated these changes using one or more of the provided examples/* projects

• I have executed pre-commit run -a on my pull request

[antonbabenko]

Minor comments here and there...

[antonbabenko]

There is already var.vpc_id, so no need to use data-source aws_subnet.this to fetch it.

[bryantbiggs]

updated in 0ad1649

[antonbabenko]

Let's add Name tag at the end, as we do for other resources already (like this one):

    {
      "Name" = ... (something like `var.security_group_use_name_prefix ? null : local.security_group_name` maybe)
    },

[bryantbiggs]

added in 0ad1649

[antonbabenko]

Let's add back the line and the call to security-group module as an example:

security_groups = [module.security_group.security_group_id]

[bryantbiggs]

re-added in 0ad1649

[antonbabenko]

Suggested change

	GithubRepo = "terraform-aws-eks"
	GithubRepo = "terraform-aws-alb"

[bryantbiggs]

whoops - how did that get there 😅

[antonbabenko]

This PR is included in version 8.3.0 🎉

[gidimariastorm]

please rollback or fix it.
When I'm creating a NLB I'm receiving this error:

│ Error: creating network Load Balancer: InvalidConfigurationRequest: Security groups are not supported for load balancers with type 'network'
│       status code: 400, request id: 81f69f77-12d9-44ec-8cf3-90131a19631d
│ 
│   with module.nlb.aws_lb.this[0],
│   on .terraform/modules/nlb/main.tf line 5, in resource "aws_lb" "this":
│    5: resource "aws_lb" "this" {

[jcolfej]

Why is create_security_group enabled by default ?
This is breaking change for all user that previously use the module.
We need to add create_security_group = false to continue to use the module now...

[bryantbiggs]

This is breaking change for all user that previously use the module.

Could you elaborate on why this is a breaking change? I understand that there was an unfortunate bug which has since been patched in https://github.com/terraform-aws-modules/terraform-aws-alb/releases/tag/v8.3.1, but otherwise its not a breaking change

[jcolfej]

My bad, it's not breaking change, I'm a bit strong with my words...

Just that the change to this new version means that all users of the previous versions will have, on next apply, a creation of a security_group, which is useless, and which will also modify the loadbalancer for nothing.

It would have been better to set create_security_group = false by default to keep the old way of working and to allow new implementations to use this feature if needed.

[falc410]

Also broke our projects since we already had a security group and now the module wanted to create another one. So I second that you should set create_security_group = false by default

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.