X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=blobdiff_plain;f=fdio.infra.terraform%2Fterraform-aws-vpc%2Fmain.tf;h=1b84f8e3514a8dd96cc9e9a750150a1da44dc65d;hp=ed2e8715e7e9238e8e8779081a90e97577c9d402;hb=6a6ee512cbbcda3295114a478bcb9e3ac3d464c1;hpb=c5181ae1627fed20b79a829bf2330f3ee9d8a0f6
diff --git a/fdio.infra.terraform/terraform-aws-vpc/main.tf b/fdio.infra.terraform/terraform-aws-vpc/main.tf
index ed2e8715e7..1b84f8e351 100644
--- a/fdio.infra.terraform/terraform-aws-vpc/main.tf
+++ b/fdio.infra.terraform/terraform-aws-vpc/main.tf
@@ -15,7 +15,7 @@ resource "aws_vpc" "vpc" {
 tags = local.tags
 }
 
-# Create Security Groups
+# Create Security Group
 resource "aws_security_group" "security_group" {
 depends_on = [
 aws_vpc.vpc
@@ -26,29 +26,39 @@ resource "aws_security_group" "security_group" {
 tags = local.tags
 vpc_id = aws_vpc.vpc.id
 
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ self = true
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
 dynamic "ingress" {
 for_each = var.security_group_ingress
 content {
- from_port = ingress.value["from_port"]
- to_port = ingress.value["to_port"]
- protocol = ingress.value["protocol"]
- cidr_blocks = ingress.value["cidr_blocks"]
- ipv6_cidr_blocks = ingress.value["ipv6_cidr_blocks"]
+ from_port = lookup(ingress.value, "from_port", null)
+ to_port = lookup(ingress.value, "to_port", null)
+ protocol = lookup(ingress.value, "protocol", null)
+ self = lookup(ingress.value, "self", null)
+ cidr_blocks = lookup(ingress.value, "cidr_blocks", null)
+ ipv6_cidr_blocks = lookup(ingress.value, "ipv6_cidr_blocks", null)
 }
 }
 dynamic "egress" {
 for_each = var.security_group_egress
 content {
- from_port = ingress.value["from_port"]
- to_port = ingress.value["to_port"]
- protocol = ingress.value["protocol"]
- cidr_blocks = ingress.value["cidr_blocks"]
- ipv6_cidr_blocks = ingress.value["ipv6_cidr_blocks"]
+ from_port = lookup(egress.value, "from_port", null)
+ to_port = lookup(egress.value, "to_port", null)
+ protocol = lookup(egress.value, "protocol", null)
+ self = lookup(egress.value, "self", null)
+ cidr_blocks = lookup(egress.value, "cidr_blocks", null)
+ ipv6_cidr_blocks = lookup(egress.value, "ipv6_cidr_blocks", null)
 }
 }
 }
 
-# Create Gateway
+# Create Internet Gateway
 resource "aws_internet_gateway" "internet_gateway" {
 depends_on = [
 aws_vpc.vpc
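Review bot: The static `ingress` block added at the top of the hunk allows every protocol on every port (`protocol = -1`, ports 0–0) not only from the group itself (`self = true`) but also from any IPv6 source, because `ipv6_cidr_blocks = ["::/0"]` sits on the same rule; the provider emits that as an additional any-IPv6 permission, so an instance in this group that holds a public IPv6 address is reachable on all ports, which is far wider than the intra-group intent the `self` flag suggests. If only group-internal traffic is meant, drop the `ipv6_cidr_blocks = ["::/0"]` line from that block; if some IPv6 exposure is required, express it through `var.security_group_ingress` so it is scoped per port like the IPv4 rules are. The `lookup(..., null)` defaults in the two dynamic blocks are fine, but none of the rules carry a `description`, which makes the resulting rules hard to audit later; adding `description = "intra-group"` to the static rule would help. Whether any caller currently depends on unrestricted IPv6 reachability cannot be told from this hunk.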
@@ -57,18 +67,18 @@ resource "aws_internet_gateway" "internet_gateway" {
 vpc_id = aws_vpc.vpc.id
 }
 
-# Create Routes
+# Create Route
 resource "aws_route" "route" {
 depends_on = [
 aws_vpc.vpc,
 aws_internet_gateway.internet_gateway
 ]
- destination_cidr_block = "0.0.0.0/0"
- gateway_id = aws_internet_gateway.internet_gateway.id
- route_table_id = aws_vpc.vpc.main_route_table_id
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.internet_gateway.id
+ route_table_id = aws_vpc.vpc.main_route_table_id
 }
 
-# Create Subnets
+# Create Subnet
 resource "aws_subnet" "subnet" {
 depends_on = [
 aws_vpc.vpc