Skip to content

feat: Allow security group rules to reference the security group created by the module #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 25, 2025
Merged

feat: Allow security group rules to reference the security group created by the module #51

merged 4 commits into from
Sep 25, 2025

Conversation

FlorinAndrei
Copy link
Contributor

Description

In the security group created by this module, allow rules to reference this security group itself as the source, in a manner similar to the self = true argument for the older aws_security_group_rule resource type.
This is done by introducing the special value "self" for the referenced_security_group_id of the SG rule resource. When this value is used, then referenced_security_group_id receives as a value the ID of the security group created by this module.

  security_group_rules = {
    ingress-self-redis = {
      type = "ingress"
      referenced_security_group_id = "self"
      description = "Allow traffic from this security group to itself."
    }
  }

Motivation and Context

aws_vpc_security_group_ingress_rule and its egress companion do not have a self argument. This is reflected in the way this module is written.
For clusters in general, it is a good idea to allow intra-cluster communication by default, for reasons such as replication, etc.
We have "self" type rules for the SGs of all clusters.

Breaking Changes

None.

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

@bryantbiggs bryantbiggs changed the title Create security group rules that reference this security group itself feat: Allow security group rules to reference the security group created by the module Sep 25, 2025
bryantbiggs
bryantbiggs approved these changes Sep 25, 2025
View reviewed changes
Copy link
Member

@bryantbiggs bryantbiggs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you!

@bryantbiggs bryantbiggs merged commit 42ccd24 into terraform-aws-modules:master Sep 25, 2025
15 checks passed
antonbabenko pushed a commit that referenced this pull request Sep 25, 2025
@semantic-release-bot
chore(release): version 1.9.0 [skip ci]
c420285 
## [1.9.0](v1.8.0...v1.9.0) (2025-09-25)

### Features

* Allow security group rules to reference the security group created by the module ([#51](#51)) ([42ccd24](42ccd24))
@antonbabenko
Copy link
Member

This PR is included in version 1.9.0 🎉

@FlorinAndrei
Copy link
Contributor Author

@bryantbiggs @antonbabenko I know you have other modules that could use this improvement. I'm not sure how you want to handle that. I'm a little behind the schedule right now with my projects, so I don't know how much time I'll have to spend on this topic. I'm sure you guys are far more conversant in your own code than I am, so maybe this is an easy add for you?

@bryantbiggs
Copy link
Member

thank you - it varies on a case by case basis. I don't know of any other modules that don't have this capability but should - but happy to review any PRs where it would be of use

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bryantbiggs bryantbiggs bryantbiggs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@FlorinAndrei @antonbabenko @bryantbiggs