feat: Provide input to associate additional security groups (#88 reba…

…sed) (#92) * feat: Provide input to associate additional security groups (#88 rebased) * terraform-docs: automated action Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
idealo · Sep 8, 2022 · da5b328 · da5b328
1 parent 59eaa61
commit da5b328
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -134,6 +134,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | Account ID of the account in which MWAA will be started | `string` | n/a | yes |
+| <a name="input_additional_associated_security_group_ids"></a> [additional\_associated\_security\_group\_ids](#input\_additional\_associated\_security\_group\_ids) | Security group IDs of existing security groups that should be associated with the MWAA environment. | `list(string)` | `[]` | no |
 | <a name="input_additional_execution_role_policy_document_json"></a> [additional\_execution\_role\_policy\_document\_json](#input\_additional\_execution\_role\_policy\_document\_json) | Additional permissions to attach to the base mwaa execution role | `string` | `"{}"` | no |
 | <a name="input_airflow_configuration_options"></a> [airflow\_configuration\_options](#input\_airflow\_configuration\_options) | additional configuration to overwrite airflows standard config | `map(string)` | `{}` | no |
 | <a name="input_airflow_version"></a> [airflow\_version](#input\_airflow\_version) | Airflow version to be used | `string` | `"2.0.2"` | no |

diff --git a/main.tf b/main.tf
@@ -43,13 +43,11 @@ resource "aws_mwaa_environment" "this" {
   }
 
   network_configuration {
-    security_group_ids = [
-      aws_security_group.this.id
-    ]
+    security_group_ids = concat([aws_security_group.this.id], var.additional_associated_security_group_ids)
     subnet_ids         = var.create_networking_config ? aws_subnet.private[*].id : var.private_subnet_ids
   }
 
-  webserver_access_mode = var.webserver_access_mode
+  webserver_access_mode           = var.webserver_access_mode
   weekly_maintenance_window_start = var.weekly_maintenance_window_start
 
   kms_key = var.kms_key_arn

diff --git a/variables.tf b/variables.tf
@@ -34,7 +34,7 @@ variable "plugins_s3_path" {
 }
 variable "plugins_s3_object_version" {
   default = null
-  type = string
+  type    = string
 }
 variable "requirements_s3_path" {
   type        = string
@@ -43,7 +43,7 @@ variable "requirements_s3_path" {
 }
 variable "requirements_s3_object_version" {
   default = null
-  type = string
+  type    = string
 }
 
 # airflow.cfg values
@@ -56,11 +56,11 @@ variable "airflow_configuration_options" {
 # networking
 variable "vpc_id" {
   description = "VPC id of the VPC in which the environments resources are created"
-  type = string
+  type        = string
 }
 variable "internet_gateway_id" {
   description = "ID of the internet gateway to the VPC"
-  type = string
+  type        = string
 }
 variable "create_networking_config" {
   description = "true if networking resources (subnets, eip, NAT gateway and route table) should be created."
@@ -82,6 +82,11 @@ variable "private_subnet_ids" {
   type        = list(string)
   default     = []
 }
+variable "additional_associated_security_group_ids" {
+  description = "Security group IDs of existing security groups that should be associated with the MWAA environment."
+  type        = list(string)
+  default     = []
+}
 
 # iam
 variable "additional_execution_role_policy_document_json" {
@@ -92,18 +97,18 @@ variable "additional_execution_role_policy_document_json" {
 
 # scaling
 variable "max_workers" {
-  default = "10"
+  default     = "10"
   description = "numeric string, min 1"
-  type = string
+  type        = string
 }
 variable "min_workers" {
-  default = "1"
+  default     = "1"
   description = "numeric string, min 1"
-  type = string
+  type        = string
 }
 variable "environment_class" {
   default = "mw1.small"
-  type = string
+  type    = string
 }
 
 # security
@@ -171,7 +176,7 @@ variable "worker_logs_level" {
 
 # maintenance
 variable "weekly_maintenance_window_start" {
-  type = string
+  type        = string
   description = "The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time to start weekly maintenance updates of your environment in the following format: DAY:HH:MM. For example: TUE:03:30. You can specify a start time in 30 minute increments only"
-  default = "MON:01:00"
+  default     = "MON:01:00"
 }