feat: Added optional revoke_rules_on_delete functionality (required f…

…or EMR) (#179)

main.tf

@@ -15,9 +15,10 @@ locals {
 resource "aws_security_group" "this" {
   count = var.create && false == var.use_name_prefix ? 1 : 0
 
-  name        = var.name
-  description = var.description
-  vpc_id      = var.vpc_id
+  name                   = var.name
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
 
   tags = merge(
     var.tags,
@@ -33,9 +34,10 @@ resource "aws_security_group" "this" {
 resource "aws_security_group" "this_name_prefix" {
   count = var.create && var.use_name_prefix ? 1 : 0
 
-  name_prefix = "${var.name}-"
-  description = var.description
-  vpc_id      = var.vpc_id
+  name_prefix            = "${var.name}-"
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
 
   tags = merge(
     var.tags,

modules/README.md

@@ -21,6 +21,7 @@ List of Security Groups implemented as Terraform modules
 * [kibana](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/kibana)
 * [kubernetes-api](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/kubernetes-api)
 * [ldaps](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/ldaps)
+* [logstash](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/logstash)
 * [memcached](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/memcached)
 * [minio](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/minio)
 * [mongodb](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mongodb)

modules/_templates/main.tf

@@ -1,12 +1,13 @@
 module "sg" {
   source = "../../"
 
-  create          = var.create
-  name            = var.name
-  use_name_prefix = var.use_name_prefix
-  description     = var.description
-  vpc_id          = var.vpc_id
-  tags            = var.tags
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
 
   ##########
   # Ingress

modules/_templates/variables.tf

@@ -29,6 +29,12 @@ variable "description" {
   default     = "Security Group managed by Terraform"
 }
 
+variable "revoke_rules_on_delete" {
+  description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A mapping of tags to assign to security group"
   type        = map(string)

modules/_templates/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 0.12.6"
+  required_version = ">= 0.12.6, < 0.14"
 
   required_providers {
     aws = "~> 2.42"

modules/activemq/README.md

@@ -18,7 +18,7 @@ All automatic values **activemq module** is using are available [here](https://g
 
 | Name | Version |
 |------|---------|
-| terraform | ~> 0.12.6 |
+| terraform | >= 0.12.6, < 0.14 |
 | aws | ~> 2.42 |
 
 ## Providers
@@ -92,6 +92,7 @@ No provider.
 | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
+| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
 | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
 | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
 | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes |

modules/activemq/main.tf

@@ -1,12 +1,13 @@
 module "sg" {
   source = "../../"
 
-  create          = var.create
-  name            = var.name
-  use_name_prefix = var.use_name_prefix
-  description     = var.description
-  vpc_id          = var.vpc_id
-  tags            = var.tags
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
 
   ##########
   # Ingress

modules/activemq/variables.tf

@@ -29,6 +29,12 @@ variable "description" {
   default     = "Security Group managed by Terraform"
 }
 
+variable "revoke_rules_on_delete" {
+  description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A mapping of tags to assign to security group"
   type        = map(string)

modules/activemq/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 0.12.6"
+  required_version = ">= 0.12.6, < 0.14"
 
   required_providers {
     aws = "~> 2.42"

modules/alertmanager/README.md

@@ -18,7 +18,7 @@ All automatic values **alertmanager module** is using are available [here](https
 
 | Name | Version |
 |------|---------|
-| terraform | ~> 0.12.6 |
+| terraform | >= 0.12.6, < 0.14 |
 | aws | ~> 2.42 |
 
 ## Providers
@@ -92,6 +92,7 @@ No provider.
 | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
+| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
 | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
 | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
 | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes |

modules/alertmanager/main.tf

@@ -1,12 +1,13 @@
 module "sg" {
   source = "../../"
 
-  create          = var.create
-  name            = var.name
-  use_name_prefix = var.use_name_prefix
-  description     = var.description
-  vpc_id          = var.vpc_id
-  tags            = var.tags
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
 
   ##########
   # Ingress

modules/alertmanager/variables.tf

@@ -29,6 +29,12 @@ variable "description" {
   default     = "Security Group managed by Terraform"
 }
 
+variable "revoke_rules_on_delete" {
+  description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A mapping of tags to assign to security group"
   type        = map(string)

modules/alertmanager/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 0.12.6"
+  required_version = ">= 0.12.6, < 0.14"
 
   required_providers {
     aws = "~> 2.42"

modules/carbon-relay-ng/README.md

@@ -18,7 +18,7 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht
 
 | Name | Version |
 |------|---------|
-| terraform | ~> 0.12.6 |
+| terraform | >= 0.12.6, < 0.14 |
 | aws | ~> 2.42 |
 
 ## Providers
@@ -92,6 +92,7 @@ No provider.
 | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
+| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
 | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
 | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
 | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes |

modules/carbon-relay-ng/main.tf

@@ -1,12 +1,13 @@
 module "sg" {
   source = "../../"
 
-  create          = var.create
-  name            = var.name
-  use_name_prefix = var.use_name_prefix
-  description     = var.description
-  vpc_id          = var.vpc_id
-  tags            = var.tags
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
 
   ##########
   # Ingress

modules/carbon-relay-ng/variables.tf

@@ -29,6 +29,12 @@ variable "description" {
   default     = "Security Group managed by Terraform"
 }
 
+variable "revoke_rules_on_delete" {
+  description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A mapping of tags to assign to security group"
   type        = map(string)

modules/carbon-relay-ng/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 0.12.6"
+  required_version = ">= 0.12.6, < 0.14"
 
   required_providers {
     aws = "~> 2.42"

modules/cassandra/README.md

@@ -18,7 +18,7 @@ All automatic values **cassandra module** is using are available [here](https://
 
 | Name | Version |
 |------|---------|
-| terraform | ~> 0.12.6 |
+| terraform | >= 0.12.6, < 0.14 |
 | aws | ~> 2.42 |
 
 ## Providers
@@ -92,6 +92,7 @@ No provider.
 | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
+| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
 | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
 | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
 | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes |

modules/cassandra/main.tf

@@ -1,12 +1,13 @@
 module "sg" {
   source = "../../"
 
-  create          = var.create
-  name            = var.name
-  use_name_prefix = var.use_name_prefix
-  description     = var.description
-  vpc_id          = var.vpc_id
-  tags            = var.tags
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
 
   ##########
   # Ingress

modules/cassandra/variables.tf

@@ -29,6 +29,12 @@ variable "description" {
   default     = "Security Group managed by Terraform"
 }
 
+variable "revoke_rules_on_delete" {
+  description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A mapping of tags to assign to security group"
   type        = map(string)

modules/cassandra/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 0.12.6"
+  required_version = ">= 0.12.6, < 0.14"
 
   required_providers {
     aws = "~> 2.42"

modules/consul/README.md

@@ -18,7 +18,7 @@ All automatic values **consul module** is using are available [here](https://git
 
 | Name | Version |
 |------|---------|
-| terraform | ~> 0.12.6 |
+| terraform | >= 0.12.6, < 0.14 |
 | aws | ~> 2.42 |
 
 ## Providers
@@ -92,6 +92,7 @@ No provider.
 | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
+| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
 | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
 | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
 | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes |

modules/consul/main.tf

@@ -1,12 +1,13 @@
 module "sg" {
   source = "../../"
 
-  create          = var.create
-  name            = var.name
-  use_name_prefix = var.use_name_prefix
-  description     = var.description
-  vpc_id          = var.vpc_id
-  tags            = var.tags
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
 
   ##########
   # Ingress

modules/consul/variables.tf

@@ -29,6 +29,12 @@ variable "description" {
   default     = "Security Group managed by Terraform"
 }
 
+variable "revoke_rules_on_delete" {
+  description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A mapping of tags to assign to security group"
   type        = map(string)

modules/consul/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 0.12.6"
+  required_version = ">= 0.12.6, < 0.14"
 
   required_providers {
     aws = "~> 2.42"

modules/docker-swarm/README.md

@@ -18,7 +18,7 @@ All automatic values **docker-swarm module** is using are available [here](https
 
 | Name | Version |
 |------|---------|
-| terraform | ~> 0.12.6 |
+| terraform | >= 0.12.6, < 0.14 |
 | aws | ~> 2.42 |
 
 ## Providers
@@ -92,6 +92,7 @@ No provider.
 | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
+| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
 | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
 | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
 | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes |

modules/docker-swarm/main.tf

@@ -1,12 +1,13 @@
 module "sg" {
   source = "../../"
 
-  create          = var.create
-  name            = var.name
-  use_name_prefix = var.use_name_prefix
-  description     = var.description
-  vpc_id          = var.vpc_id
-  tags            = var.tags
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
 
   ##########
   # Ingress