From 8bb6feddbc1c4391c8f3d77c790b214c26d1d96d Mon Sep 17 00:00:00 2001
From: Jochem Lugtenburg
Date: Thu, 2 Oct 2025 13:24:30 +0200
Subject: [PATCH] feat: allow passing allowed security groups by id
---
 src/main.tf | 2 +-
 src/variables.tf | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/main.tf b/src/main.tf
index 839fa40..8885d87 100644
--- a/src/main.tf
+++ b/src/main.tf
@@ -10,7 +10,7 @@ locals {
 for eks in module.eks : eks.outputs.eks_cluster_managed_security_group_id
 ]
- allowed_security_groups = concat(data.aws_security_groups.allowed.ids, local.allowed_eks_security_groups)
+ allowed_security_groups = concat(data.aws_security_groups.allowed.ids, local.allowed_eks_security_groups, var.allowed_security_group_ids)
 zone_id = module.dns_gbl_delegated.outputs.default_dns_zone_id
diff --git a/src/variables.tf b/src/variables.tf
index fdc9adb..e6b8b8f 100644
--- a/src/variables.tf
+++ b/src/variables.tf
@@ -275,6 +275,12 @@ variable "allowed_security_group_names" {
 default = []
 }
+variable "allowed_security_group_ids" {
+ type = list(string)
+ description = "List of security group ids that should be allowed access to the database"
+ default = []
+}
+
 variable "eks_security_group_enabled" {
 type = bool
 description = "Use the eks default security group"
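Review bot: The ids from `var.allowed_security_group_ids` are appended on the `allowed_security_groups` line without de-duplication, so a group that is also matched by name through `data.aws_security_groups.allowed`, or that belongs to an EKS cluster, ends up in the list twice. How the list is consumed is outside the hunk; if it drives one ingress rule per element, a repeated id may fail at apply as a duplicate rule. Consider `allowed_security_groups = distinct(concat(data.aws_security_groups.allowed.ids, local.allowed_eks_security_groups, var.allowed_security_group_ids))`, after checking that the consumer tolerates a list whose length may not be known until apply. The `locals` block starts and ends outside the hunk.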
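Review bot: The new `allowed_security_group_ids` variable accepts arbitrary strings, and every entry lands in the list of groups allowed to reach the database, so a malformed value or an id pasted from the wrong environment is only caught at apply time, if at all. A `validation` block that checks the `sg-` form rejects malformed input at plan time. `nullable = false` keeps an explicit `null` from reaching `concat()` in `src/main.tf`, which rejects null arguments; it needs a Terraform version that supports `nullable`, which is not visible here. The description could also state that these ids are added to the groups resolved from `allowed_security_group_names` and the EKS groups rather than replacing them.

```hcl
variable "allowed_security_group_ids" {
  type     = list(string)
  # … unchanged: description, default …
  nullable = false

  validation {
    condition     = alltrue([for id in var.allowed_security_group_ids : can(regex("^sg-[0-9a-f]+$", id))])
    error_message = "Each entry must be a security group id such as sg-0123456789abcdef0 (constructed example)."
  }
}
```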