diff --git a/README.md b/README.md
index 118711a9..8b194311 100644
--- a/README.md
+++ b/README.md
@@ -181,21 +181,25 @@ No modules.
| [aws_security_group_rule.computed_egress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_egress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_egress_with_ipv6_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.computed_egress_with_prefix_list_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_egress_with_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_egress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_with_ipv6_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.computed_ingress_with_prefix_list_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_with_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_with_ipv6_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.egress_with_prefix_list_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_with_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_with_ipv6_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.ingress_with_prefix_list_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_with_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
@@ -207,11 +211,13 @@ No modules.
| [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no |
| [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
| [computed\_egress\_with\_ipv6\_cidr\_blocks](#input\_computed\_egress\_with\_ipv6\_cidr\_blocks) | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
+| [computed\_egress\_with\_prefix\_list\_ids](#input\_computed\_egress\_with\_prefix\_list\_ids) | List of computed egress rules to create where 'prefix\_list\_ids' is used only | `list(map(string))` | `[]` | no |
| [computed\_egress\_with\_self](#input\_computed\_egress\_with\_self) | List of computed egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no |
| [computed\_egress\_with\_source\_security\_group\_id](#input\_computed\_egress\_with\_source\_security\_group\_id) | List of computed egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no |
| [computed\_ingress\_rules](#input\_computed\_ingress\_rules) | List of computed ingress rules to create by name | `list(string)` | `[]` | no |
| [computed\_ingress\_with\_cidr\_blocks](#input\_computed\_ingress\_with\_cidr\_blocks) | List of computed ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
| [computed\_ingress\_with\_ipv6\_cidr\_blocks](#input\_computed\_ingress\_with\_ipv6\_cidr\_blocks) | List of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
+| [computed\_ingress\_with\_prefix\_list\_ids](#input\_computed\_ingress\_with\_prefix\_list\_ids) | List of computed ingress rules to create where 'prefix\_list\_ids' is used | `list(map(string))` | `[]` | no |
| [computed\_ingress\_with\_self](#input\_computed\_ingress\_with\_self) | List of computed ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no |
| [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no |
| [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no |
@@ -225,6 +231,7 @@ No modules.
| [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no |
| [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
| [egress\_with\_ipv6\_cidr\_blocks](#input\_egress\_with\_ipv6\_cidr\_blocks) | List of egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
+| [egress\_with\_prefix\_list\_ids](#input\_egress\_with\_prefix\_list\_ids) | List of egress rules to create where 'prefix\_list\_ids' is used only | `list(map(string))` | `[]` | no |
| [egress\_with\_self](#input\_egress\_with\_self) | List of egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no |
| [egress\_with\_source\_security\_group\_id](#input\_egress\_with\_source\_security\_group\_id) | List of egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no |
| [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no |
@@ -233,17 +240,20 @@ No modules.
| [ingress\_rules](#input\_ingress\_rules) | List of ingress rules to create by name | `list(string)` | `[]` | no |
| [ingress\_with\_cidr\_blocks](#input\_ingress\_with\_cidr\_blocks) | List of ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
| [ingress\_with\_ipv6\_cidr\_blocks](#input\_ingress\_with\_ipv6\_cidr\_blocks) | List of ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
+| [ingress\_with\_prefix\_list\_ids](#input\_ingress\_with\_prefix\_list\_ids) | List of ingress rules to create where 'prefix\_list\_ids' is used only | `list(map(string))` | `[]` | no |
| [ingress\_with\_self](#input\_ingress\_with\_self) | List of ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no |
| [ingress\_with\_source\_security\_group\_id](#input\_ingress\_with\_source\_security\_group\_id) | List of ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no |
| [name](#input\_name) | Name of security group - not required if create\_sg is false | `string` | `null` | no |
| [number\_of\_computed\_egress\_rules](#input\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no |
| [number\_of\_computed\_egress\_with\_cidr\_blocks](#input\_number\_of\_computed\_egress\_with\_cidr\_blocks) | Number of computed egress rules to create where 'cidr\_blocks' is used | `number` | `0` | no |
| [number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks](#input\_number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks) | Number of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
+| [number\_of\_computed\_egress\_with\_prefix\_list\_ids](#input\_number\_of\_computed\_egress\_with\_prefix\_list\_ids) | Number of computed egress rules to create where 'prefix\_list\_ids' is used only | `number` | `0` | no |
| [number\_of\_computed\_egress\_with\_self](#input\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no |
| [number\_of\_computed\_egress\_with\_source\_security\_group\_id](#input\_number\_of\_computed\_egress\_with\_source\_security\_group\_id) | Number of computed egress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
| [number\_of\_computed\_ingress\_rules](#input\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no |
| [number\_of\_computed\_ingress\_with\_cidr\_blocks](#input\_number\_of\_computed\_ingress\_with\_cidr\_blocks) | Number of computed ingress rules to create where 'cidr\_blocks' is used | `number` | `0` | no |
| [number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks](#input\_number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks) | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
+| [number\_of\_computed\_ingress\_with\_prefix\_list\_ids](#input\_number\_of\_computed\_ingress\_with\_prefix\_list\_ids) | Number of computed ingress rules to create where 'prefix\_list\_ids' is used | `number` | `0` | no |
| [number\_of\_computed\_ingress\_with\_self](#input\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
| [number\_of\_computed\_ingress\_with\_source\_security\_group\_id](#input\_number\_of\_computed\_ingress\_with\_source\_security\_group\_id) | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
diff --git a/main.tf b/main.tf
index 6ca0aaf9..8946dccf 100644
--- a/main.tf
+++ b/main.tf
@@ -430,6 +430,67 @@ resource "aws_security_group_rule" "computed_ingress_with_self" {
var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")][2],
)
}
+# Security group rules with "prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "ingress_with_prefix_list_ids" {
+ count = var.create ? length(var.ingress_with_prefix_list_ids) : 0
+
+ security_group_id = local.this_sg_id
+ type = "ingress"
+
+ prefix_list_ids = var.ingress_prefix_list_ids
+ description = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "description",
+ "Ingress Rule",
+ )
+
+ from_port = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "from_port",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0],
+ )
+ to_port = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "to_port",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1],
+ )
+ protocol = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "protocol",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][2],
+ )
+}
+
+# Computed - Security group rules with "prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "computed_ingress_with_prefix_list_ids" {
+ count = var.create ? var.number_of_computed_ingress_with_prefix_list_ids : 0
+
+ security_group_id = local.this_sg_id
+ type = "ingress"
+
+ prefix_list_ids = var.ingress_prefix_list_ids
+ description = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "description",
+ "Ingress Rule",
+ )
+
+ from_port = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "from_port",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0],
+ )
+ to_port = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "to_port",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1],
+ )
+ protocol = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "protocol",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][2],
+ )
+}
#################
# End of ingress
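Review bot: computed_ingress_with_prefix_list_ids indexes the wrong list: its count is `var.number_of_computed_ingress_with_prefix_list_ids`, but every lookup in its body (description, from_port, to_port, protocol and the nested "rule" lookups) reads `var.ingress_with_prefix_list_ids[count.index]`, so the computed rules take their ports and protocol from the non-computed list and fail with an index error whenever that list is shorter than the computed count. Each of those seven occurrences should read `var.computed_ingress_with_prefix_list_ids[count.index]`, the way computed_ingress_with_self reads its own list in the context line at the top of this hunk. Separately, both new resources set `prefix_list_ids = var.ingress_prefix_list_ids`, the module-wide list, and never consult a per-rule key, so a rule cannot be restricted to its own prefix lists despite the variable descriptions saying the rule is one "where 'prefix_list_ids' is used"; if the intent mirrors the cidr_blocks variants (outside this hunk), a per-rule lookup with the module-wide list as fallback would keep each rule's reach to the prefix lists it names.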
@@ -807,6 +868,93 @@ resource "aws_security_group_rule" "computed_egress_with_self" {
)
}
+# Security group rules with "egress_prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "egress_with_prefix_list_ids" {
+ count = var.create ? length(var.egress_with_prefix_list_ids) : 0
+
+ security_group_id = local.this_sg_id
+ type = "egress"
+
+ prefix_list_ids = var.egress_prefix_list_ids
+ description = lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "description",
+ "Egress Rule",
+ )
+
+ from_port = lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "from_port",
+ var.rules[lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][0],
+ )
+ to_port = lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "to_port",
+ var.rules[lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][1],
+ )
+ protocol = lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "protocol",
+ var.rules[lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][2],
+ )
+}
+
+# Computed - Security group rules with "source_security_group_id", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" {
+ count = var.create ? var.number_of_computed_egress_with_prefix_list_ids : 0
+
+ security_group_id = local.this_sg_id
+ type = "egress"
+
+ source_security_group_id = var.computed_egress_with_prefix_list_ids[count.index]["source_security_group_id"]
+ prefix_list_ids = var.egress_prefix_list_ids
+ description = lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "description",
+ "Egress Rule",
+ )
+
+ from_port = lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "from_port",
+ var.rules[lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][0],
+ )
+ to_port = lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "to_port",
+ var.rules[lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][1],
+ )
+ protocol = lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "protocol",
+ var.rules[lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][2],
+ )
+}
+
################
# End of egress
################
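Review bot: computed_egress_with_prefix_list_ids sets `source_security_group_id = var.computed_egress_with_prefix_list_ids[count.index]["source_security_group_id"]` next to `prefix_list_ids`, which contradicts its own header comment and the variable description (prefix lists only) and looks pasted from the source_security_group_id variant; the header comment directly above it repeats that name as well. The hard index means every map in the list must carry a `source_security_group_id` key or the plan fails, and when the key is present the egress rule is scoped to that security group in addition to the prefix lists, a wider grant than the variable advertises. Drop the `source_security_group_id` line and change the comment to `# Computed - Security group rules with "prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"`. The same point about `prefix_list_ids` always coming from the module-wide `var.egress_prefix_list_ids` rather than a per-rule key, raised on the ingress hunk, applies to both resources here.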
diff --git a/variables.tf b/variables.tf
index 960f0cbc..9fa499d4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -118,6 +118,12 @@ variable "ingress_prefix_list_ids" {
default = []
}
+variable "ingress_with_prefix_list_ids" {
+ description = "List of ingress rules to create where 'prefix_list_ids' is used only"
+ type = list(map(string))
+ default = []
+}
+
###################
# Computed Ingress
###################
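Review bot: The description wording of the six new variables is inconsistent: ingress_with_prefix_list_ids here, and egress_with_prefix_list_ids, computed_egress_with_prefix_list_ids and number_of_computed_egress_with_prefix_list_ids in the later hunks, say "where 'prefix_list_ids' is used only", while computed_ingress_with_prefix_list_ids and number_of_computed_ingress_with_prefix_list_ids say "where 'prefix_list_ids' is used", which is also the form the existing cidr_blocks and source_security_group_id variables use. The split is mirrored verbatim into the README table. Using the established form everywhere, e.g. `description = "List of ingress rules to create where 'prefix_list_ids' is used"`, keeps the generated docs uniform and avoids suggesting the two groups of variables behave differently.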
@@ -151,6 +157,12 @@ variable "computed_ingress_with_source_security_group_id" {
default = []
}
+variable "computed_ingress_with_prefix_list_ids" {
+ description = "List of computed ingress rules to create where 'prefix_list_ids' is used"
+ type = list(map(string))
+ default = []
+}
+
###################################
# Number of computed ingress rules
###################################
@@ -184,6 +196,12 @@ variable "number_of_computed_ingress_with_source_security_group_id" {
default = 0
}
+variable "number_of_computed_ingress_with_prefix_list_ids" {
+ description = "Number of computed ingress rules to create where 'prefix_list_ids' is used"
+ type = number
+ default = 0
+}
+
#########
# Egress
#########
@@ -217,6 +235,12 @@ variable "egress_with_source_security_group_id" {
default = []
}
+variable "egress_with_prefix_list_ids" {
+ description = "List of egress rules to create where 'prefix_list_ids' is used only"
+ type = list(map(string))
+ default = []
+}
+
variable "egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all egress rules"
type = list(string)
@@ -268,6 +292,12 @@ variable "computed_egress_with_source_security_group_id" {
default = []
}
+variable "computed_egress_with_prefix_list_ids" {
+ description = "List of computed egress rules to create where 'prefix_list_ids' is used only"
+ type = list(map(string))
+ default = []
+}
+
##################################
# Number of computed egress rules
##################################
@@ -301,6 +331,12 @@ variable "number_of_computed_egress_with_source_security_group_id" {
default = 0
}
+variable "number_of_computed_egress_with_prefix_list_ids" {
+ description = "Number of computed egress rules to create where 'prefix_list_ids' is used only"
+ type = number
+ default = 0
+}
+
variable "putin_khuylo" {
description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
type = bool