Skip to content

feat: Allow security group rules to reference the security group created by the module#51

Merged
bryantbiggs merged 4 commits intoterraform-aws-modules:masterfrom
FlorinAndrei:sg-rules-with-self
Sep 25, 2025
Merged

feat: Allow security group rules to reference the security group created by the module#51
bryantbiggs merged 4 commits intoterraform-aws-modules:masterfrom
FlorinAndrei:sg-rules-with-self

Conversation

@FlorinAndrei
Copy link
Copy Markdown
Contributor

@FlorinAndrei FlorinAndrei commented Sep 19, 2025

Description

In the security group created by this module, allow rules to reference this security group itself as the source, in a manner similar to the self = true argument for the older aws_security_group_rule resource type.
This is done by introducing the special value "self" for the referenced_security_group_id of the SG rule resource. When this value is used, then referenced_security_group_id receives as a value the ID of the security group created by this module.

  security_group_rules = {
    ingress-self-redis = {
      type = "ingress"
      referenced_security_group_id = "self"
      description = "Allow traffic from this security group to itself."
    }
  }

Motivation and Context

aws_vpc_security_group_ingress_rule and its egress companion do not have a self argument. This is reflected in the way this module is written.
For clusters in general, it is a good idea to allow intra-cluster communication by default, for reasons such as replication, etc.
We have "self" type rules for the SGs of all clusters.

Breaking Changes

None.

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

@bryantbiggs bryantbiggs changed the title Create security group rules that reference this security group itself feat: Allow security group rules to reference the security group created by the module Sep 25, 2025
bryantbiggs
bryantbiggs approved these changes Sep 25, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@bryantbiggs bryantbiggs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you!

@bryantbiggs bryantbiggs merged commit 42ccd24 into terraform-aws-modules:master Sep 25, 2025
15 checks passed
antonbabenko pushed a commit that referenced this pull request Sep 25, 2025
@semantic-release-bot
chore(release): version 1.9.0 [skip ci]
c420285 
## [1.9.0](v1.8.0...v1.9.0) (2025-09-25)

### Features

* Allow security group rules to reference the security group created by the module ([#51](#51)) ([42ccd24](42ccd24))
@antonbabenko
Copy link
Copy Markdown
Member

antonbabenko commented Sep 25, 2025

This PR is included in version 1.9.0 🎉

@FlorinAndrei
Copy link
Copy Markdown
Contributor Author

FlorinAndrei commented Sep 25, 2025

@bryantbiggs @antonbabenko I know you have other modules that could use this improvement. I'm not sure how you want to handle that. I'm a little behind the schedule right now with my projects, so I don't know how much time I'll have to spend on this topic. I'm sure you guys are far more conversant in your own code than I am, so maybe this is an easy add for you?

@bryantbiggs
Copy link
Copy Markdown
Member

bryantbiggs commented Sep 25, 2025

thank you - it varies on a case by case basis. I don't know of any other modules that don't have this capability but should - but happy to review any PRs where it would be of use

@bryantbiggs bryantbiggs mentioned this pull request Oct 22, 2025
Merged
3 tasks
@github-actions
Copy link
Copy Markdown

github-actions bot commented Oct 26, 2025

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 26, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@bryantbiggs bryantbiggs bryantbiggs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@FlorinAndrei @antonbabenko @bryantbiggs