Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Allow default_security_group to have no rules #1123

Closed
wants to merge 2 commits into from
Closed

fix: Allow default_security_group to have no rules #1123

wants to merge 2 commits into from

Commits on Sep 30, 2024

  1. Allow default_security_group to have no rules 

    The current implementation of the aws_default_security_group
uses dynamic blocks for both ingress and egress rules. If no
rules are passed in, then no dynamic blocks are generated,
and no pre-existng rules are changed. In order to implement the
CIS benchmark of no rules, the aws_default_security_group
resorce needs to be created passing empty lists as ingress
and egress rules.

This commit updates the default ingress/egress rules to be
those AWS uses when it initially created the default SG.
It then sets the boolen local.empty_default_security_group
if both ingress and egress rules passed in are empty lists.
Finally it conditionally creates empty aws_default_security_group
resource if local.empty_default_security_group is true.  If
local.empty_default_security_group is false, the original
aws_default_security_group resource is utilized.
    Britt Houser authored and Britt Houser committed Sep 30, 2024
    Configuration menu
    Copy the full SHA
    0b0b3c8 View commit details
    Browse the repository at this point in the history

Commits on Oct 1, 2024

  1. Add example VPC creation with empty default security group

    Britt Houser authored and Britt Houser committed Oct 1, 2024
    Configuration menu
    Copy the full SHA
    6cebe30 View commit details
    Browse the repository at this point in the history