tf_aws_rds

Use existing security group instead of cidr_block

Open qrevel opened this issue 7 years ago • 2 comments

I think in most use cases, we allow access of the DB from another security group (app tier for example). Actually I must provide a cidr_block for the security group to use the module even if I don't want to.

It would be nice to have the choice between cidr_blocks or source_security_group_id for the allow_rule. As these two options create a conflict, I think two rules should be used, one for the cidr_blocks and the other for the source_security_group_id. Then it's just a matter of count = 0|1 based on the value of the variables (that's my actual workaround).

qrevel avatar Sep 06 '17 15:09 qrevel
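
The two-rule approach described in the post above, as an added sketch that is not qrevel's workaround or the module's own code. It assumes Terraform 0.12 or later syntax; every variable and resource name is hypothetical. Both inputs default to empty, so no ingress is opened unless the caller asks for it.

```hcl
# Added illustration: names below are hypothetical, not taken from tf_aws_rds.
variable "rds_security_group_id" {
  type        = string
  description = "Security group attached to the DB instance"
}

variable "database_port" {
  type    = number
  default = 5432 # constructed sample value
}

variable "allowed_cidr_blocks" {
  type    = list(string)
  default = [] # empty: the CIDR-based rule is not created
}

variable "allowed_security_group_id" {
  type    = string
  default = "" # empty: the security-group-based rule is not created
}

# cidr_blocks and source_security_group_id conflict inside one rule,
# so each source type gets its own rule, switched on with count = 0|1.
resource "aws_security_group_rule" "allow_cidr" {
  count             = length(var.allowed_cidr_blocks) > 0 ? 1 : 0
  type              = "ingress"
  from_port         = var.database_port
  to_port           = var.database_port
  protocol          = "tcp"
  security_group_id = var.rds_security_group_id
  cidr_blocks       = var.allowed_cidr_blocks
}

resource "aws_security_group_rule" "allow_source_sg" {
  count                    = var.allowed_security_group_id != "" ? 1 : 0
  type                     = "ingress"
  from_port                = var.database_port
  to_port                  = var.database_port
  protocol                 = "tcp"
  security_group_id        = var.rds_security_group_id
  source_security_group_id = var.allowed_security_group_id
}
```

If the source security group ID comes from a resource created in the same apply, Terraform cannot evaluate this `count` at plan time; a separate boolean input for the toggle avoids that.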

Yes, I agree with what you are saying. The creation of a security group with different types of values is currently not implemented and your solution sounds good. Could you please submit a PR with it?

antonbabenko avatar Sep 06 '17 15:09 antonbabenko

@qrevel I also agree with this; I implemented something similar in terraform-community-modules/tf_aws_aurora

hakamadare avatar Sep 06 '17 18:09 hakamadare