From f2c32f84e8e88670ebee075748c9661eb9eeeaa4 Mon Sep 17 00:00:00 2001 From: detomarco Date: Fri, 3 Oct 2025 22:16:26 +0200 Subject: [PATCH 1/5] chore: improve security_group_rules type definition --- variables.tf | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index d157d04..58b768e 100644 --- a/variables.tf +++ b/variables.tf @@ -425,7 +425,18 @@ variable "vpc_id" { variable "security_group_rules" { description = "Security group ingress and egress rules to add to the security group created" - type = any + type = map(object({ + type = optional(string, "ingress") + ip_protocol = optional(string, "tcp") + cidr_ipv4 = optional(string) + cidr_ipv6 = optional(string) + description = optional(string) + from_port = optional(number) + to_port = optional(number) + prefix_list_id = optional(string) + referenced_security_group_id = optional(string) + tags = optional(map(string), {}) + })) default = {} } From f047130e00bad4bb68471bd0e36c309b6d4dd1c1 Mon Sep 17 00:00:00 2001 From: Marco De Toma Date: Fri, 3 Oct 2025 22:19:52 +0200 Subject: [PATCH 2/5] chore: improve security_group_rules type definition --- .gitignore | 1 + README.md | 2 +- main.tf | 24 ++++++++++++------------ variables.tf | 22 +++++++++++----------- 4 files changed, 25 insertions(+), 24 deletions(-) diff --git a/.gitignore b/.gitignore index c1198c3..7537fe8 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,4 @@ override.tf.json terraform.rc .DS_Store +.idea diff --git a/README.md b/README.md index 5dfb4c7..32987fa 100644 --- a/README.md +++ b/README.md 
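Review bot: The new object type in `variable "security_group_rules"` leaves the rule `type` attribute as a free-form string, so a misspelled direction such as `"Egress"` still passes type checking. The egress filter later in this series is `v.type == "egress"`; a value that matches neither direction filter would presumably create no rule at all, with no error. A `validation` block in the variable would reject this at plan time, using `condition = alltrue([for r in values(var.security_group_rules) : contains(["ingress", "egress"], r.type)])` and a matching `error_message`. The ingress `for_each` is not visible in this series, so confirm how it treats unknown values.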
@@ -452,7 +452,7 @@ No modules. | [security\_group\_ids](#input\_security\_group\_ids) | One or more VPC security groups associated with the cache cluster | `list(string)` | `[]` | no | | [security\_group\_name](#input\_security\_group\_name) | Name to use on security group created | `string` | `null` | no | | [security\_group\_names](#input\_security\_group\_names) | Names of one or more Amazon VPC security groups associated with this replication group | `list(string)` | `[]` | no | -| [security\_group\_rules](#input\_security\_group\_rules) | Security group ingress and egress rules to add to the security group created | `any` | `{}` | no | +| [security\_group\_rules](#input\_security\_group\_rules) | Security group ingress and egress rules to add to the security group created |
map(object({
type = optional(string, "ingress")
ip_protocol = optional(string, "tcp")
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(number)
to_port = optional(number)
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
tags = optional(map(string), {})
}))
| `{}` | no | | [security\_group\_tags](#input\_security\_group\_tags) | A map of additional tags to add to the security group created | `map(string)` | `{}` | no | | [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Determines whether the security group name (`security_group_name`) is used as a prefix | `bool` | `true` | no | | [snapshot\_arns](#input\_snapshot\_arns) | (Redis only) Single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3 | `list(string)` | `[]` | no | diff --git a/main.tf b/main.tf index 2020140..3dfa329 100644 --- a/main.tf +++ b/main.tf 
@@ -322,35 +322,35 @@ resource "aws_vpc_security_group_ingress_rule" "this" { # Required security_group_id = aws_security_group.this[0].id - ip_protocol = try(each.value.ip_protocol, "tcp") + ip_protocol = each.value.ip_protocol # Optional - cidr_ipv4 = lookup(each.value, "cidr_ipv4", null) - cidr_ipv6 = lookup(each.value, "cidr_ipv6", null) + cidr_ipv4 = try(each.value.cidr_ipv4, null) + cidr_ipv6 = try(each.value.cidr_ipv6, null) description = try(each.value.description, null) from_port = try(each.value.from_port, local.port) - prefix_list_id = lookup(each.value, "prefix_list_id", null) - referenced_security_group_id = lookup(each.value, "referenced_security_group_id", null) == "self" ? aws_security_group.this[0].id : lookup(each.value, "referenced_security_group_id", null) + prefix_list_id = try(each.value.prefix_list_id, null) + referenced_security_group_id = try(each.value.referenced_security_group_id, null) to_port = try(each.value.to_port, local.port) tags = merge(local.tags, var.security_group_tags, try(each.value.tags, {})) } resource "aws_vpc_security_group_egress_rule" "this" { - for_each = { for k, v in var.security_group_rules : k => v if local.create_security_group && try(v.type, "ingress") == "egress" } + for_each = { for k, v in var.security_group_rules : k => v if local.create_security_group && v.type == "egress" } # Required security_group_id = aws_security_group.this[0].id ip_protocol = try(each.value.ip_protocol, "tcp") # Optional - cidr_ipv4 = lookup(each.value, "cidr_ipv4", null) - cidr_ipv6 = lookup(each.value, "cidr_ipv6", null) + cidr_ipv4 = try(each.value.cidr_ipv4, null) + cidr_ipv6 = try(each.value.cidr_ipv6, null) description = try(each.value.description, null) - from_port = try(each.value.from_port, null) - prefix_list_id = lookup(each.value, "prefix_list_id", null) - referenced_security_group_id = lookup(each.value, "referenced_security_group_id", null) == "self" ? 
aws_security_group.this[0].id : lookup(each.value, "referenced_security_group_id", null) - to_port = try(each.value.to_port, null) + from_port = try(each.value.from_port, local.port) + prefix_list_id = try(each.value.prefix_list_id, null) + referenced_security_group_id = try(each.value.referenced_security_group_id, null) + to_port = try(each.value.to_port, local.port) tags = merge(local.tags, var.security_group_tags, try(each.value.tags, {})) } diff --git a/variables.tf b/variables.tf index 58b768e..830e616 100644 --- a/variables.tf +++ b/variables.tf @@ -425,19 +425,19 @@ variable "vpc_id" { variable "security_group_rules" { description = "Security group ingress and egress rules to add to the security group created" - type = map(object({ - type = optional(string, "ingress") - ip_protocol = optional(string, "tcp") - cidr_ipv4 = optional(string) - cidr_ipv6 = optional(string) - description = optional(string) - from_port = optional(number) - to_port = optional(number) - prefix_list_id = optional(string) + type = map(object({ + type = optional(string, "ingress") + ip_protocol = optional(string, "tcp") + cidr_ipv4 = optional(string) + cidr_ipv6 = optional(string) + description = optional(string) + from_port = optional(number) + to_port = optional(number) + prefix_list_id = optional(string) referenced_security_group_id = optional(string) - tags = optional(map(string), {}) + tags = optional(map(string), {}) })) - default = {} + default = {} } variable "security_group_tags" { From deb4c57cec467f783977395005c732572a0c566a Mon Sep 17 00:00:00 2001 From: Marco De Toma Date: Fri, 3 Oct 2025 22:25:48 +0200 Subject: [PATCH 3/5] chore: update terraform required version --- versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index 6dda813..66099d3 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { 
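Review bot: In the main.tf hunk, `try(each.value.from_port, local.port)` and `try(each.value.to_port, local.port)` can no longer fall back, in either the ingress or the egress resource. With the typed `optional(number)` attributes, an omitted port is `null` rather than a missing key, and `try` only catches errors, so a rule without ports is sent with null ports instead of the cache port. If the default is intended, use `from_port = coalesce(each.value.from_port, local.port)` and the same for `to_port`, assuming `local.port` is never null. The hunk also drops the `"self"` translation, so a caller passing `referenced_security_group_id = "self"` now has the literal string forwarded. If that input is still supported, restore `referenced_security_group_id = each.value.referenced_security_group_id == "self" ? aws_security_group.this[0].id : each.value.referenced_security_group_id`. The ingress resource begins outside the hunk, so its `for_each` filter could not be checked.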
From e04d706439fb27673b695fad93ccb502e8d50b02 Mon Sep 17 00:00:00 2001 From: Marco De Toma Date: Fri, 3 Oct 2025 22:28:19 +0200 Subject: [PATCH 4/5] chore: update terraform required version to 1.5.7 --- versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index 66099d3..2d58f01 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.3" + required_version = ">= 1.5.7" required_providers { aws = { From 9c6459317efc490040047e781f6f423410a87db0 Mon Sep 17 00:00:00 2001 From: Marco De Toma Date: Fri, 3 Oct 2025 22:32:14 +0200 Subject: [PATCH 5/5] chore: update terraform required version to 1.3 --- README.md | 2 +- examples/memcached-cluster/README.md | 2 +- examples/memcached-cluster/versions.tf | 2 +- examples/redis-cluster-mode/README.md | 2 +- examples/redis-cluster-mode/versions.tf | 2 +- examples/redis-cluster/README.md | 2 +- examples/redis-cluster/versions.tf | 2 +- examples/redis-global-replication-group/README.md | 2 +- examples/redis-global-replication-group/versions.tf | 2 +- examples/redis-replication-group-with-cluster-replica/README.md | 2 +- .../redis-replication-group-with-cluster-replica/versions.tf | 2 +- examples/redis-replication-group/README.md | 2 +- examples/redis-replication-group/versions.tf | 2 +- examples/serverless-cache/versions.tf | 2 +- examples/valkey-replication-group/README.md | 2 +- examples/valkey-replication-group/versions.tf | 2 +- versions.tf | 2 +- wrappers/versions.tf | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 32987fa..fc34aa3 100644 --- a/README.md +++ b/README.md @@ -365,7 +365,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.93 | | [random](#requirement\_random) | >= 3.0 | 
diff --git a/examples/memcached-cluster/README.md b/examples/memcached-cluster/README.md index 7c93f16..cc2dfae 100644 --- a/examples/memcached-cluster/README.md +++ b/examples/memcached-cluster/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.73 | ## Providers diff --git a/examples/memcached-cluster/versions.tf b/examples/memcached-cluster/versions.tf index 0f48a6c..680bcec 100644 --- a/examples/memcached-cluster/versions.tf +++ b/examples/memcached-cluster/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/redis-cluster-mode/README.md b/examples/redis-cluster-mode/README.md index 8453466..38fc434 100644 --- a/examples/redis-cluster-mode/README.md +++ b/examples/redis-cluster-mode/README.md @@ -21,7 +21,7 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.73 | ## Providers diff --git a/examples/redis-cluster-mode/versions.tf b/examples/redis-cluster-mode/versions.tf index 0f48a6c..680bcec 100644 --- a/examples/redis-cluster-mode/versions.tf +++ b/examples/redis-cluster-mode/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/redis-cluster/README.md b/examples/redis-cluster/README.md index 7afc24d..69749bb 100644 --- a/examples/redis-cluster/README.md +++ b/examples/redis-cluster/README.md 
@@ -19,7 +19,7 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.73 | ## Providers diff --git a/examples/redis-cluster/versions.tf b/examples/redis-cluster/versions.tf index 0f48a6c..680bcec 100644 --- a/examples/redis-cluster/versions.tf +++ b/examples/redis-cluster/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/redis-global-replication-group/README.md b/examples/redis-global-replication-group/README.md index a3b3c7a..92572a1 100644 --- a/examples/redis-global-replication-group/README.md +++ b/examples/redis-global-replication-group/README.md @@ -23,7 +23,7 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.73 | ## Providers diff --git a/examples/redis-global-replication-group/versions.tf b/examples/redis-global-replication-group/versions.tf index 0f48a6c..680bcec 100644 --- a/examples/redis-global-replication-group/versions.tf +++ b/examples/redis-global-replication-group/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/redis-replication-group-with-cluster-replica/README.md b/examples/redis-replication-group-with-cluster-replica/README.md index 48f8674..a5fb511 100644 --- a/examples/redis-replication-group-with-cluster-replica/README.md +++ b/examples/redis-replication-group-with-cluster-replica/README.md 
@@ -19,7 +19,7 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.73 | ## Providers diff --git a/examples/redis-replication-group-with-cluster-replica/versions.tf b/examples/redis-replication-group-with-cluster-replica/versions.tf index 0f48a6c..680bcec 100644 --- a/examples/redis-replication-group-with-cluster-replica/versions.tf +++ b/examples/redis-replication-group-with-cluster-replica/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/redis-replication-group/README.md b/examples/redis-replication-group/README.md index b873d2c..2348f77 100644 --- a/examples/redis-replication-group/README.md +++ b/examples/redis-replication-group/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.73 | ## Providers diff --git a/examples/redis-replication-group/versions.tf b/examples/redis-replication-group/versions.tf index 0f48a6c..680bcec 100644 --- a/examples/redis-replication-group/versions.tf +++ b/examples/redis-replication-group/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/examples/serverless-cache/versions.tf b/examples/serverless-cache/versions.tf index 0f48a6c..680bcec 100644 --- a/examples/serverless-cache/versions.tf +++ b/examples/serverless-cache/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { 
diff --git a/examples/valkey-replication-group/README.md b/examples/valkey-replication-group/README.md index 6e6a98a..937b513 100644 --- a/examples/valkey-replication-group/README.md +++ b/examples/valkey-replication-group/README.md @@ -19,7 +19,7 @@ Note that this example may create resources which will incur monetary charges on | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 5.73 | ## Providers diff --git a/examples/valkey-replication-group/versions.tf b/examples/valkey-replication-group/versions.tf index 0f48a6c..680bcec 100644 --- a/examples/valkey-replication-group/versions.tf +++ b/examples/valkey-replication-group/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/versions.tf b/versions.tf index 2d58f01..66099d3 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.5.7" + required_version = ">= 1.3" required_providers { aws = { diff --git a/wrappers/versions.tf b/wrappers/versions.tf index 6dda813..66099d3 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.3" required_providers { aws = {