terraform-aws-route53
fix: Add egress rule update support
Description
This PR complements https://github.com/terraform-aws-modules/terraform-aws-route53/pull/106 by adding a new variable, allowing the submodule to update egress rules. This PR also adds support for setting static IP addresses on the resolver endpoint instances.
Motivation and Context
The previous pull request was hardcoding an egress rule allowing all traffic. Users could want to update these rules according to their needs, and it's also a security issue.
Breaking Changes
The default value of var.security_group_egress_cidr_blocks is an empty list; it can cause problems when using inbound resolver-endpoints and not declaring this variable. To fix it, we can do something like:
security_group_egress_cidr_blocks = [
  "0.0.0.0/0" # Allow All
]
or
security_group_egress_cidr_blocks = [
  module.vpc2.vpc_cidr_block # Allow target vpc
]
How Has This Been Tested?
- [x] I have updated at least one of the examples/* to demonstrate and validate my change(s)
- [x] I have tested and validated these changes using one or more of the provided examples/* projects
- [x] I have executed pre-commit run -a on my pull request