Upgrade to new securty-group standards #133

Nuru · 2021-10-23T22:29:11Z

what

Upgrade to new Cloud Posse security group standards
Enable proper operation when DNS zone is created at the same time as the cluster
Enable create_before_destroy on security groups by default
Update AWS provider version constraint to properly require a version that has all the features the module uses
Add additional outputs for the Redis Replication Group

why

Further standardize all Cloud Posse modules
Supply bug fixes and features requested via "issues".

references

Closes Count depends on resource to be created when zone_id is used #82
Closes Use name_prefix and create_before_destroy on security groups #86
Closes How to activate Multi-AZ option. #104
Closes Additional outputs for the Redis Replication Group #113
Closes v0.40.0 requires two runs to create & apply security group #121
Closes Issues getting started: Sub-dependencies call variable errors #127
Supersedes and closes chore(deps): update terraform cloudposse/security-group/aws to v0.4.0 #130
Supersedes and closes Chore: bumps security group module version to 0.4.1 #132

Works around Terraform bug with using coalesce() or compact() in resource inputs.

Nuru · 2021-10-23T22:30:25Z

/test all

README.yaml

aknysh · 2021-10-24T02:03:35Z

README.yaml

+  If this is not desired behavior, set `transit_encryption_enabled=false`.
+
+  This module creates, by default, a new security group for the Elasticache Redis Cluster. When necessary, it will
+  replace that security group with a new one. In order to allow terraform to fully manage the security group, you


When necessary, it will replace that security group with a new one
Not clear which one is "that" and which one is new (b/c the previous sentence says "This module creates, by default, a new security group").
Can you elaborate on this sentence?

examples/complete/main.tf

main.tf

outputs.tf

aknysh · 2021-10-24T02:36:28Z

variables-deprecated.tf

+    EOT
+}
+locals {
+  use_legacy_egress = var.egress_cidr_blocks != null && var.egress_cidr_blocks != ["0.0.0.0/0"] && var.allow_all_egress != true


Suggested change

use_legacy_egress = var.egress_cidr_blocks != null && var.egress_cidr_blocks != ["0.0.0.0/0"] && var.allow_all_egress != true

use_legacy_egress = var.egress_cidr_blocks != null && !(length(var.egress_cidr_blocks) == 1 && var.egress_cidr_blocks[0] == "0.0.0.0/0") && var.allow_all_egress == false

Terraform does not support comparing lists using == and != operators, and can appear to work but will produce unexpected results

aknysh

LGTM, a few comments

Nuru · 2021-10-24T04:31:52Z

/test all

Nuru added 3 commits October 23, 2021 13:54

Revert #119 use security-group module instead of resource

17e2149

Update to new security-group standards

3928aee

Bug fixes and feature requests

8da10b7

Nuru requested review from a team as code owners October 23, 2021 22:29

Nuru requested review from Gowiem, jamengual, aknysh, bradj, nitrocode and osterman and removed request for a team October 23, 2021 22:29