feat: No defaults rules (#3)

stawii · web-flow · commit 4fee3014f379 · 2024-05-29T15:59:10.000+02:00
* remove default egress rule

* add sample ingress rule

* docs
diff --git a/README.md b/README.md
@@ -54,7 +54,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_common_tags"></a> [common\_tags](#input\_common\_tags) | A map of tags to assign to every resource in this module. | `map(string)` | `{}` | no |
 | <a name="input_description"></a> [description](#input\_description) | Security group description. | `string` | `null` | no |
-| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | Outbound rules (egress) for this security group. | <pre>map(object({<br>    description = optional(string, null)<br>    ip_protocol = optional(string, "tcp")<br><br>    port_number = optional(number, null)<br>    from_port   = optional(number, null)<br>    to_port     = optional(number, null)<br><br>    icmp_type = optional(number, null)<br>    icmp_code = optional(number, null)<br><br>    cidr_ipv4         = optional(string, null)<br>    cidr_ipv6         = optional(string, null)<br>    prefix_list_id    = optional(string, null)<br>    security_group_id = optional(string, null)<br>    extra_tags        = optional(map(string), {})<br>  }))</pre> | <pre>{<br>  "allow-all": {<br>    "cidr_ipv4": "0.0.0.0/0",<br>    "ip_protocol": "all"<br>  }<br>}</pre> | no |
+| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | Outbound rules (egress) for this security group. | <pre>map(object({<br>    description = optional(string, null)<br>    ip_protocol = optional(string, "tcp")<br><br>    port_number = optional(number, null)<br>    from_port   = optional(number, null)<br>    to_port     = optional(number, null)<br><br>    icmp_type = optional(number, null)<br>    icmp_code = optional(number, null)<br><br>    cidr_ipv4         = optional(string, null)<br>    cidr_ipv6         = optional(string, null)<br>    prefix_list_id    = optional(string, null)<br>    security_group_id = optional(string, null)<br>    extra_tags        = optional(map(string), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | Inbound rules (ingress) for this security group. | <pre>map(object({<br>    description = optional(string, null)<br>    ip_protocol = optional(string, "tcp")<br><br>    port_number = optional(number, null)<br>    from_port   = optional(number, null)<br>    to_port     = optional(number, null)<br><br>    icmp_type = optional(number, null)<br>    icmp_code = optional(number, null)<br><br>    cidr_ipv4         = optional(string, null)<br>    cidr_ipv6         = optional(string, null)<br>    prefix_list_id    = optional(string, null)<br>    security_group_id = optional(string, null)<br>    extra_tags        = optional(map(string), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the security group. | `string` | `null` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC. | `string` | n/a | yes |
diff --git a/variables.tf b/variables.tf
@@ -42,7 +42,16 @@ variable "ingress_rules" {
     security_group_id = optional(string, null)
     extra_tags        = optional(map(string), {})
   }))
-  default = {}
+  default = {
+    # "icmp-in" = {
+    #   ip_protocol = "icmp"
+    #   cidr_ipv4   = "0.0.0.0/0"
+    # }
+    # "ssh-in" = {
+    #   cidr_ipv4   = "0.0.0.0/0"
+    #   port_number = 22
+    # }
+  }
 }
 
 variable "egress_rules" {
@@ -66,9 +75,9 @@ variable "egress_rules" {
     extra_tags        = optional(map(string), {})
   }))
   default = {
-    "allow-all" = {
-      ip_protocol = "all"
-      cidr_ipv4   = "0.0.0.0/0"
-    }
+    # "allow-all" = {
+    #   ip_protocol = "all"
+    #   cidr_ipv4   = "0.0.0.0/0"
+    # }
   }
 }
