Commit
Allow default_security_group to have no rules
The current implementation of the aws_default_security_group uses dynamic blocks for both ingress and egress rules. If no rules are passed in, then no dynamic blocks are generated, and no pre-existing rules are changed. In order to implement the CIS benchmark of no rules, the aws_default_security_group resource needs to be created passing empty lists as ingress and egress rules. This commit updates the default ingress/egress rules to be those AWS uses when it initially creates the default SG. It then sets the boolean local.empty_default_security_group if both ingress and egress rules passed in are empty lists. Finally, it conditionally creates an empty aws_default_security_group resource if local.empty_default_security_group is true. If local.empty_default_security_group is false, the original aws_default_security_group resource is utilized.
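The pattern the commit message describes, written out as an added Terraform illustration (not the project's own code): the variable names, the object shape of the rule lists and the `vpc_id` variable are assumptions, and the defaults are the rules AWS attaches to a VPC's default security group (all traffic from the group itself in, all traffic to 0.0.0.0/0 out). Passing `[]` for both lists selects the resource with no rule blocks, which is the CIS "no rules" state.

```hcl
variable "vpc_id" { type = string }
# Assumed rule shape; defaults mirror what AWS puts on a fresh default SG.
variable "default_ingress" {
  type    = list(object({ protocol = string, from_port = number, to_port = number, self = bool, cidr_blocks = list(string) }))
  default = [{ protocol = "-1", from_port = 0, to_port = 0, self = true, cidr_blocks = [] }]
}
variable "default_egress" {
  type    = list(object({ protocol = string, from_port = number, to_port = number, self = bool, cidr_blocks = list(string) }))
  default = [{ protocol = "-1", from_port = 0, to_port = 0, self = false, cidr_blocks = ["0.0.0.0/0"] }]
}

locals {
  # True only when the caller passed [] for both lists (the CIS "no rules" case).
  empty_default_security_group = length(var.default_ingress) == 0 && length(var.default_egress) == 0
}

# CIS variant: no ingress/egress blocks at all, so the default SG is left with no rules.
resource "aws_default_security_group" "empty" {
  count  = local.empty_default_security_group ? 1 : 0
  vpc_id = var.vpc_id
}

# Otherwise the rule lists drive dynamic blocks exactly as before.
resource "aws_default_security_group" "this" {
  count  = local.empty_default_security_group ? 0 : 1
  vpc_id = var.vpc_id
  dynamic "ingress" {
    for_each = var.default_ingress
    content {
      protocol    = ingress.value.protocol
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      self        = ingress.value.self
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  dynamic "egress" {
    for_each = var.default_egress
    content {
      protocol    = egress.value.protocol
      from_port   = egress.value.from_port
      to_port     = egress.value.to_port
      self        = egress.value.self
      cidr_blocks = egress.value.cidr_blocks
    }
  }
}
```

Because the two resources are mutually exclusive via `count`, switching a module call from populated lists to `[]` replaces one managed default SG resource with the other in the same plan; review that plan before applying, since the rule removal on the default SG is what the CIS control asks for.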