Makes security group rule id optional in eks-node-group
posquit0 committed Jan 23, 2024
1 parent 9f6ee5b commit 9a615db
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion modules/eks-node-group/README.md
@@ -53,7 +53,7 @@ This module creates following resources.
| <a name="input_bootstrap_extra_args"></a> [bootstrap\_extra\_args](#input\_bootstrap\_extra\_args) | (Optional) Extra arguments to add to the `/etc/eks/bootstrap.sh`. | `list(string)` | `[]` | no |
| <a name="input_cni_custom_networking_enabled"></a> [cni\_custom\_networking\_enabled](#input\_cni\_custom\_networking\_enabled) | (Optional) Whether to use EKS CNI Custom Networking. | `bool` | `false` | no |
| <a name="input_cni_eni_prefix_mode_enabled"></a> [cni\_eni\_prefix\_mode\_enabled](#input\_cni\_eni\_prefix\_mode\_enabled) | (Optional) Whether to use ENI Prefix Mode of EKS CNI. | `bool` | `false` | no |
| <a name="input_default_security_group"></a> [default\_security\_group](#input\_default\_security\_group) | (Optional) The configuration of the default security group for the EKS node group. `default_security_group` block as defined below.<br> (Optional) `enabled` - Whether to use the default security group. Defaults to `true`.<br> (Optional) `name` - The name of the default security group. If not provided, the node group name is used for the name of security group.<br> (Optional) `description` - The description of the default security group.<br> (Optional) `ingress_rules` - A list of ingress rules in a security group. Defaults to `[]`. Each block of `ingress_rules` as defined below.<br> (Required) `id` - The ID of the ingress rule. This value is only used internally within Terraform code.<br> (Optional) `description` - The description of the rule.<br> (Required) `protocol` - The protocol to match. Note that if `protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.<br> (Required) `from_port` - The start of port range for the protocols.<br> (Required) `to_port` - The end of port range for the protocols.<br> (Optional) `ipv4_cidrs` - The IPv4 network ranges to allow, in CIDR notation.<br> (Optional) `ipv6_cidrs` - The IPv6 network ranges to allow, in CIDR notation.<br> (Optional) `prefix_lists` - The prefix list IDs to allow.<br> (Optional) `security_groups` - The source security group IDs to allow.<br> (Optional) `self` - Whether the security group itself will be added as a source to this ingress rule.<br> (Optional) `egress_rules` - A list of egress rules in a security group. Defaults to `[{ id = "default", protocol = -1, from_port = 1, to_port=65535, ipv4_cidrs = ["0.0.0.0/0"] }]`. Each block of `egress_rules` as defined below.<br> (Required) `id` - The ID of the egress rule. 
This value is only used internally within Terraform code.<br> (Optional) `description` - The description of the rule.<br> (Required) `protocol` - The protocol to match. Note that if `protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.<br> (Required) `from_port` - The start of port range for the protocols.<br> (Required) `to_port` - The end of port range for the protocols.<br> (Optional) `ipv4_cidrs` - The IPv4 network ranges to allow, in CIDR notation.<br> (Optional) `ipv6_cidrs` - The IPv6 network ranges to allow, in CIDR notation.<br> (Optional) `prefix_lists` - The prefix list IDs to allow.<br> (Optional) `security_groups` - The source security group IDs to allow.<br> (Optional) `self` - Whether the security group itself will be added as a source to this ingress rule. | <pre>object({<br> enabled = optional(bool, true)<br> name = optional(string)<br> description = optional(string, "Managed by Terraform.")<br> ingress_rules = optional(<br> list(object({<br> id = string<br> description = optional(string, "Managed by Terraform.")<br> protocol = string<br> from_port = number<br> to_port = number<br> ipv4_cidrs = optional(list(string), [])<br> ipv6_cidrs = optional(list(string), [])<br> prefix_lists = optional(list(string), [])<br> security_groups = optional(list(string), [])<br> self = optional(bool, false)<br> })),<br> []<br> )<br> egress_rules = optional(<br> list(object({<br> id = string<br> description = optional(string, "Managed by Terraform.")<br> protocol = string<br> from_port = number<br> to_port = number<br> ipv4_cidrs = optional(list(string), [])<br> ipv6_cidrs = optional(list(string), [])<br> prefix_lists = optional(list(string), [])<br> security_groups = optional(list(string), [])<br> self = optional(bool, false)<br> })),<br> [{<br> id = "default"<br> description = "Allow all outbound traffic."<br> protocol = "-1"<br> from_port = 1<br> to_port = 65535<br> ipv4_cidrs = 
["0.0.0.0/0"]<br> }]<br> )<br> })</pre> | `{}` | no |
| <a name="input_default_security_group"></a> [default\_security\_group](#input\_default\_security\_group) | (Optional) The configuration of the default security group for the EKS node group. `default_security_group` block as defined below.<br> (Optional) `enabled` - Whether to use the default security group. Defaults to `true`.<br> (Optional) `name` - The name of the default security group. If not provided, the node group name is used for the name of security group.<br> (Optional) `description` - The description of the default security group.<br> (Optional) `ingress_rules` - A list of ingress rules in a security group. Defaults to `[]`. Each block of `ingress_rules` as defined below.<br> (Optional) `id` - The ID of the ingress rule. This value is only used internally within Terraform code.<br> (Optional) `description` - The description of the rule.<br> (Required) `protocol` - The protocol to match. Note that if `protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.<br> (Required) `from_port` - The start of port range for the protocols.<br> (Required) `to_port` - The end of port range for the protocols.<br> (Optional) `ipv4_cidrs` - The IPv4 network ranges to allow, in CIDR notation.<br> (Optional) `ipv6_cidrs` - The IPv6 network ranges to allow, in CIDR notation.<br> (Optional) `prefix_lists` - The prefix list IDs to allow.<br> (Optional) `security_groups` - The source security group IDs to allow.<br> (Optional) `self` - Whether the security group itself will be added as a source to this ingress rule.<br> (Optional) `egress_rules` - A list of egress rules in a security group. Defaults to `[{ id = "default", protocol = -1, from_port = 1, to_port=65535, ipv4_cidrs = ["0.0.0.0/0"] }]`. Each block of `egress_rules` as defined below.<br> (Optional) `id` - The ID of the egress rule. 
This value is only used internally within Terraform code.<br> (Optional) `description` - The description of the rule.<br> (Required) `protocol` - The protocol to match. Note that if `protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.<br> (Required) `from_port` - The start of port range for the protocols.<br> (Required) `to_port` - The end of port range for the protocols.<br> (Optional) `ipv4_cidrs` - The IPv4 network ranges to allow, in CIDR notation.<br> (Optional) `ipv6_cidrs` - The IPv6 network ranges to allow, in CIDR notation.<br> (Optional) `prefix_lists` - The prefix list IDs to allow.<br> (Optional) `security_groups` - The source security group IDs to allow.<br> (Optional) `self` - Whether the security group itself will be added as a source to this ingress rule. | <pre>object({<br> enabled = optional(bool, true)<br> name = optional(string)<br> description = optional(string, "Managed by Terraform.")<br> ingress_rules = optional(<br> list(object({<br> id = optional(string)<br> description = optional(string, "Managed by Terraform.")<br> protocol = string<br> from_port = number<br> to_port = number<br> ipv4_cidrs = optional(list(string), [])<br> ipv6_cidrs = optional(list(string), [])<br> prefix_lists = optional(list(string), [])<br> security_groups = optional(list(string), [])<br> self = optional(bool, false)<br> })),<br> []<br> )<br> egress_rules = optional(<br> list(object({<br> id = string<br> description = optional(string, "Managed by Terraform.")<br> protocol = string<br> from_port = number<br> to_port = number<br> ipv4_cidrs = optional(list(string), [])<br> ipv6_cidrs = optional(list(string), [])<br> prefix_lists = optional(list(string), [])<br> security_groups = optional(list(string), [])<br> self = optional(bool, false)<br> })),<br> [{<br> id = "default"<br> description = "Allow all outbound traffic."<br> protocol = "-1"<br> from_port = 1<br> to_port = 65535<br> 
ipv4_cidrs = ["0.0.0.0/0"]<br> }]<br> )<br> })</pre> | `{}` | no |
| <a name="input_desired_size"></a> [desired\_size](#input\_desired\_size) | (Optional) The number of instances that should be running in the group. | `number` | `null` | no |
| <a name="input_ebs_optimized"></a> [ebs\_optimized](#input\_ebs\_optimized) | (Optional) If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
| <a name="input_enabled_metrics"></a> [enabled\_metrics](#input\_enabled\_metrics) | (Optional) A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | <pre>[<br> "GroupMinSize",<br> "GroupMaxSize",<br> "GroupDesiredCapacity",<br> "GroupInServiceCapacity",<br> "GroupInServiceInstances",<br> "GroupPendingCapacity",<br> "GroupPendingInstances",<br> "GroupStandbyCapacity",<br> "GroupStandbyInstances",<br> "GroupTerminatingCapacity",<br> "GroupTerminatingInstances",<br> "GroupTotalCapacity",<br> "GroupTotalInstances"<br>]</pre> | no |
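Review bot: the regenerated row is internally inconsistent for `egress_rules`: its description now reads "(Optional) `id` - The ID of the egress rule" but the type shown in the same row still has `id = string` inside the `egress_rules` object, so Terraform will continue to reject an egress rule without an `id`. Either change the egress object to `id = optional(string)` in variables.tf and regenerate, or keep the egress description as "(Required)". While touching this row, note that the documented egress default `{ id = "default", protocol = -1, from_port = 1, to_port=65535, ... }` sets ports even though the row itself says `from_port` and `to_port` should not be defined when `protocol` is `-1`; that pre-dates this change but is worth a follow-up.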
4 changes: 2 additions & 2 deletions modules/eks-node-group/security-group.tf
@@ -28,13 +28,13 @@ module "security_group" {
ingress_rules = [
for i, rule in var.default_security_group.ingress_rules :
merge(rule, {
id = try(rule.id, "eks-node-group-${i}")
id = coalesce(rule.id, "eks-node-group-${i}")
})
]
egress_rules = [
for i, rule in var.default_security_group.egress_rules :
merge(rule, {
id = try(rule.id, "eks-node-group-${i}")
id = coalesce(rule.id, "eks-node-group-${i}")
})
]

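Review bot: replacing `try(rule.id, ...)` with `coalesce(rule.id, ...)` is the correct fix, because with a typed object variable `rule.id` always exists and is simply `null` when omitted, so `try()` never fell back and the old default was dead code. Two caveats on the new form, though. First, `coalesce` also skips empty strings, so a rule written with `id = ""` silently gets the generated name. Second, the fallback `"eks-node-group-${i}"` is positional: inserting or removing one unnamed rule renumbers every unnamed rule after it, and since `id` is the key the module uses internally to track rules, that renumbering will destroy and recreate those security group rules on the next apply, briefly dropping the traffic they allow. Worth documenting that users who expect to edit the list should set `id` explicitly, and note that the egress `coalesce` at `id = coalesce(rule.id, "eks-node-group-${i}")` only matters once the egress object type actually allows a null `id`.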
6 changes: 3 additions & 3 deletions modules/eks-node-group/variables.tf
Expand Up @@ -157,7 +157,7 @@ variable "default_security_group" {
(Optional) `name` - The name of the default security group. If not provided, the node group name is used for the name of security group.
(Optional) `description` - The description of the default security group.
(Optional) `ingress_rules` - A list of ingress rules in a security group. Defaults to `[]`. Each block of `ingress_rules` as defined below.
(Required) `id` - The ID of the ingress rule. This value is only used internally within Terraform code.
(Optional) `id` - The ID of the ingress rule. This value is only used internally within Terraform code.
(Optional) `description` - The description of the rule.
(Required) `protocol` - The protocol to match. Note that if `protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
(Required) `from_port` - The start of port range for the protocols.
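Review bot: now that `id` is optional for ingress rules, the description should say what happens when it is omitted. Suggest extending the line to something like "(Optional) `id` - The ID of the ingress rule. Defaults to `eks-node-group-<index>` when not set. This value is only used internally within Terraform code.", so users understand the generated key depends on list position.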
@@ -168,7 +168,7 @@ variable "default_security_group" {
(Optional) `security_groups` - The source security group IDs to allow.
(Optional) `self` - Whether the security group itself will be added as a source to this ingress rule.
(Optional) `egress_rules` - A list of egress rules in a security group. Defaults to `[{ id = "default", protocol = -1, from_port = 1, to_port=65535, ipv4_cidrs = ["0.0.0.0/0"] }]`. Each block of `egress_rules` as defined below.
(Required) `id` - The ID of the egress rule. This value is only used internally within Terraform code.
(Optional) `id` - The ID of the egress rule. This value is only used internally within Terraform code.
(Optional) `description` - The description of the rule.
(Required) `protocol` - The protocol to match. Note that if `protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
(Required) `from_port` - The start of port range for the protocols.
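Review bot: this hunk documents the egress `id` as optional, but nothing in this commit changes the egress object type; only the ingress object further down moves to `id = optional(string)`, and the regenerated README still shows `id = string` for `egress_rules`. As written, an egress rule without `id` will fail type checking despite the description. Either add a matching `id = optional(string)` to the `egress_rules` object in this file, or leave this description line as "(Required)".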
@@ -185,7 +185,7 @@ variable "default_security_group" {
description = optional(string, "Managed by Terraform.")
ingress_rules = optional(
list(object({
id = string
id = optional(string)
description = optional(string, "Managed by Terraform.")
protocol = string
from_port = number
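Review bot: with `id = optional(string)` a user-supplied `id` can collide with a generated one, for example `id = "eks-node-group-1"` on the first rule alongside an unnamed second rule, and the duplicate key would only surface as a confusing error in the downstream security group module. A `validation` block on `default_security_group` that checks `length(distinct([for r in var.default_security_group.ingress_rules : r.id if r.id != null])) == length([for r in var.default_security_group.ingress_rules : r.id if r.id != null])` (and the same for egress) would catch explicit duplicates early; reserving the `eks-node-group-` prefix in the description would cover the generated ones.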

0 comments on commit 9a615db