From d8e90e228c70366de1d33762947b5490919a294e Mon Sep 17 00:00:00 2001
From: Florin Andrei <901867+FlorinAndrei@users.noreply.github.com>
Date: Fri, 19 Sep 2025 13:18:05 -0700
Subject: [PATCH 1/4] allow SG rules to reference self SG

---
 main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index d02b7aa..2020140 100644
--- a/main.tf
+++ b/main.tf
@@ -330,7 +330,7 @@ resource "aws_vpc_security_group_ingress_rule" "this" {
 description = try(each.value.description, null)
 from_port = try(each.value.from_port, local.port)
 prefix_list_id = lookup(each.value, "prefix_list_id", null)
- referenced_security_group_id = lookup(each.value, "referenced_security_group_id", null)
+ referenced_security_group_id = lookup(each.value, "referenced_security_group_id", null) == "self" ? aws_security_group.this[0].id : lookup(each.value, "referenced_security_group_id", null)
 to_port = try(each.value.to_port, local.port)
 tags = merge(local.tags, var.security_group_tags, try(each.value.tags, {}))
@@ -349,7 +349,7 @@ resource "aws_vpc_security_group_egress_rule" "this" {
 description = try(each.value.description, null)
 from_port = try(each.value.from_port, null)
 prefix_list_id = lookup(each.value, "prefix_list_id", null)
- referenced_security_group_id = lookup(each.value, "referenced_security_group_id", null)
+ referenced_security_group_id = lookup(each.value, "referenced_security_group_id", null) == "self" ? aws_security_group.this[0].id : lookup(each.value, "referenced_security_group_id", null)
 to_port = try(each.value.to_port, null)
 tags = merge(local.tags, var.security_group_tags, try(each.value.tags, {}))

From 5afa22e214427d290657f4caa6fb3fb921f91b24 Mon Sep 17 00:00:00 2001
From: Florin Andrei <901867+FlorinAndrei@users.noreply.github.com>
Date: Fri, 19 Sep 2025 13:29:02 -0700
Subject: [PATCH 2/4] add example for the "self" rule

---
 examples/redis-cluster/main.tf | 5 +++++
 1 file changed, 5 insertions(+)
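Review bot: The new `referenced_security_group_id` expression indexes `aws_security_group.this[0]` unconditionally whenever the rule value is `"self"`; the `[0]` suggests the group is created under a `count`, so a caller who disables the module-managed group (supplying an existing one) and still writes `"self"` would presumably fail at plan with an index error instead of a clear message. Resolve the sentinel once in `locals`, e.g. `self_sg_id = try(aws_security_group.this[0].id, null)`, and pair it with a `lifecycle { precondition }` or variable validation that rejects `"self"` when the module does not create the group, so the rule cannot fall through to a null peer. The same duplicated `lookup(each.value, "referenced_security_group_id", null)` appears in the egress hunk at `@@ -349`; a shared local removes that repetition in both places. `"self"` is new module API and should be documented in the `security_group_rules` variable description and the README next to `referenced_security_group_id`. Both enclosing resource blocks start and end outside their hunks.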
diff --git a/examples/redis-cluster/main.tf b/examples/redis-cluster/main.tf
index 9e1e504..f383df6 100644
--- a/examples/redis-cluster/main.tf
+++ b/examples/redis-cluster/main.tf
@@ -44,6 +44,11 @@ module "elasticache" {
 description = "VPC traffic"
 cidr_ipv4 = module.vpc.vpc_cidr_block
 }
+ ingress-self-redis = {
+ type = "ingress"
+ referenced_security_group_id = "self"
+ description = "Allow traffic from this security group to itself."
+ }
 }

 # Subnet Group

From a5ccd27d76e9b81aee77e703ef16ef0374883d10 Mon Sep 17 00:00:00 2001
From: Florin Andrei <901867+FlorinAndrei@users.noreply.github.com>
Date: Fri, 19 Sep 2025 13:32:32 -0700
Subject: [PATCH 3/4] remove VPC block from example

---
 examples/redis-cluster/main.tf | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/examples/redis-cluster/main.tf b/examples/redis-cluster/main.tf
index f383df6..d8bd759 100644
--- a/examples/redis-cluster/main.tf
+++ b/examples/redis-cluster/main.tf
@@ -38,12 +38,6 @@ module "elasticache" {
 # Security Group
 vpc_id = module.vpc.vpc_id
 security_group_rules = {
- ingress_vpc = {
- # Default type is `ingress`
- # Default port is based on the default engine port
- description = "VPC traffic"
- cidr_ipv4 = module.vpc.vpc_cidr_block
- }
 ingress-self-redis = {
 type = "ingress"
 referenced_security_group_id = "self"

From b4e363a979fd5c916ee9d6508569f2946b665e1c Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Thu, 25 Sep 2025 15:41:54 -0500
Subject: [PATCH 4/4] fix: Execute `pre-commit run -a`

---
 .pre-commit-config.yaml | 4 ++--
 examples/redis-cluster/main.tf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 626bd79..11084f7 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.99.5
+ rev: v1.100.0
 hooks:
 - id: terraform_fmt
 - id: terraform_docs
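Review bot: The new rule key `ingress-self-redis` uses hyphens while the neighbouring key `ingress_vpc` uses underscores; since the rule resources in main.tf iterate with `each.value`, the key presumably becomes part of the resource address, so one convention (`ingress_self_redis`) keeps addresses predictable. The rule sets no port and so appears to rely on the module default (`local.port` in the ingress resource), which deserves the same hint the `ingress_vpc` entry carries, e.g. `# Default port is based on the default engine port`. The following commit in this series deletes `ingress_vpc`, leaving this self-referencing rule as the only ingress path; a one-line comment stating that clients must be attached to the module's security group to reach the cluster would make the example self-explaining. The enclosing `module "elasticache"` block starts and ends outside the hunk.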
@@ -23,7 +23,7 @@ repos:
 - '--args=--only=terraform_workspace_remote'
 - id: terraform_validate
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v5.0.0
+ rev: v6.0.0
 hooks:
 - id: check-merge-conflict
 - id: end-of-file-fixer
diff --git a/examples/redis-cluster/main.tf b/examples/redis-cluster/main.tf
index d8bd759..b659d13 100644
--- a/examples/redis-cluster/main.tf
+++ b/examples/redis-cluster/main.tf
@@ -39,9 +39,9 @@ module "elasticache" {
 vpc_id = module.vpc.vpc_id
 security_group_rules = {
 ingress-self-redis = {
- type = "ingress"
+ type = "ingress"
 referenced_security_group_id = "self"
- description = "Allow traffic from this security group to itself."
+ description = "Allow traffic from this security group to itself."
 }
 }