feat: added sg description

clouddrove · Jun 12, 2023 · 5a0cf3a · 5a0cf3a
1 parent 04d4b04
commit 5a0cf3a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/main.tf b/main.tf
@@ -39,10 +39,10 @@ data "aws_security_group" "existing" {
 ## Below resources will create SECURITY-GROUP-RULE and its components.
 ##----------------------------------------------------------------------------------
 #tfsec:ignore:aws-ec2-no-public-egress-sgr
-#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
 resource "aws_security_group_rule" "egress" {
   count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.is_external == false && var.egress_rule == true) ? 1 : 0
 
+  description = var.sg_egress_description
   type              = "egress"
   from_port         = 0
   to_port           = 65535
@@ -51,21 +51,21 @@ resource "aws_security_group_rule" "egress" {
   security_group_id = join("", aws_security_group.default.*.id)
 }
 #tfsec:ignore:aws-ec2-no-public-egress-sgr
-#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
 resource "aws_security_group_rule" "egress_ipv6" {
   count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.is_external == false) && var.egress_rule == true ? 1 : 0
 
+  description = var.sg_egress_description
   type              = "egress"
   from_port         = 0
   to_port           = 65535
   protocol          = "-1"
   ipv6_cidr_blocks  = ["::/0"]
   security_group_id = join("", aws_security_group.default.*.id)
 }
-#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
 resource "aws_security_group_rule" "ingress" {
   count = length(var.allowed_ip) > 0 == true && length(var.sg_ids) < 1 ? length(compact(var.allowed_ports)) : 0
 
+  description = var.sg_egress_description
   type              = "ingress"
   from_port         = element(var.allowed_ports, count.index)
   to_port           = element(var.allowed_ports, count.index)

diff --git a/variables.tf b/variables.tf
@@ -375,6 +375,11 @@ variable "sg_description" {
   default     = "Instance default security group (only egress access is allowed)."
   description = "The security group description."
 }
+variable "sg_egress_description" {
+  type        = string
+  default     = "Description of the rule."
+  description = "Description of the egress and ingress rule"
+}
 
 ##---------------------route53------------------------
 variable "route53_record_enabled" {