Allow other sg ingress (#24)

osocode · Chris Burton · Abdul Wahid · web-flow · commit a25f37f3f00b · 2022-05-12T20:21:46.000+01:00
* Allow to configure for ingress from other SGs

* Update README and basic example

* Add documentation

Co-authored-by: Chris Burton &lt;chris.burton@atmosphere.tv&gt;
Co-authored-by: Abdul Wahid &lt;abdul.wahid@umotif.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,10 +5,9 @@ All notable changes to this project will be documented in this file.
 <a name="unreleased"></a>
 ## [Unreleased]
 
-- Updated Readme
-- More changes
-- Fix dynamic
-- Initial commit
+- Update README and basic example
+- Allow to configure for ingress from other SGs
+- Support Redis log delivery ([#26](https://github.com/umotif-public/terraform-aws-elasticache-redis/issues/26))
 
 
 <a name="3.0.0"></a>
diff --git a/README.md b/README.md
@@ -103,6 +103,7 @@ No modules.
 | [aws_elasticache_replication_group.redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource |
 | [aws_elasticache_subnet_group.redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
 | [aws_security_group.redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group_rule.other_sg_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
 | [aws_security_group_rule.redis_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
 | [aws_security_group_rule.redis_ingress_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
 | [aws_security_group_rule.redis_ingress_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
@@ -112,6 +113,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_allowed_security_groups"></a> [allowed\_security\_groups](#input\_allowed\_security\_groups) | List of existing security groups that will be allowed ingress via the elaticache security group rules | `list(string)` | `[]` | no |
 | <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any modifications are applied immediately, or during the next maintenance window. | `bool` | `false` | no |
 | <a name="input_at_rest_encryption_enabled"></a> [at\_rest\_encryption\_enabled](#input\_at\_rest\_encryption\_enabled) | Whether to enable encryption at rest. | `bool` | `true` | no |
 | <a name="input_auth_token"></a> [auth\_token](#input\_auth\_token) | The password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true`. | `string` | `""` | no |
diff --git a/examples/redis-basic/main.tf b/examples/redis-basic/main.tf
@@ -18,6 +18,14 @@ data "aws_subnets" "all" {
     values = [data.aws_vpc.default.id]
   }
 }
+
+#####
+# External Security Group
+#####
+resource "aws_security_group" "other_sg" {
+  vpc_id = data.aws_vpc.default.id
+}
+
 #####
 # Elasticache Redis
 #####
@@ -49,6 +57,8 @@ module "redis" {
   subnet_ids = data.aws_subnets.all.ids
   vpc_id     = data.aws_vpc.default.id
 
+  allowed_security_groups = [aws_security_group.other_sg.id]
+
   ingress_cidr_blocks = ["0.0.0.0/0"]
 
   parameter = [
diff --git a/main.tf b/main.tf
@@ -137,3 +137,13 @@ resource "aws_security_group_rule" "redis_egress" {
   cidr_blocks       = ["0.0.0.0/0"]
   security_group_id = aws_security_group.redis.id
 }
+
+resource "aws_security_group_rule" "other_sg_ingress" {
+  count                    = length(var.allowed_security_groups)
+  type                     = "ingress"
+  from_port                = var.port
+  to_port                  = var.port
+  protocol                 = "tcp"
+  source_security_group_id = element(var.allowed_security_groups, count.index)
+  security_group_id        = aws_security_group.redis.id
+}
diff --git a/variables.tf b/variables.tf
@@ -208,3 +208,9 @@ variable "log_delivery_configuration" {
     error_message = "You can set 2 targets at most for log delivery options."
   }
 }
+
+variable "allowed_security_groups" {
+  type        = list(string)
+  description = "List of existing security groups that will be allowed ingress via the elaticache security group rules"
+  default     = []
+}

Original file line number	Diff line number	Diff line change
`@@ -208,3 +208,9 @@ variable "log_delivery_configuration" {`
`208`	`208`	`error_message = "You can set 2 targets at most for log delivery options."`
`209`	`209`	`}`
`210`	`210`	`}`
	`211`	`+`
	`212`	`+variable "allowed_security_groups" {`
	`213`	`+ type = list(string)`
	`214`	`+ description = "List of existing security groups that will be allowed ingress via the elaticache security group rules"`
	`215`	`+ default = []`
	`216`	`+}`