Set up http_api access correctly

If the module is given only security groups and not cidr ranges, a security group rule is created without all the necessary attributes
hashicorp · Apr 27, 2021 · a2cb3e9 · a2cb3e9
1 parent 1a441ac
commit a2cb3e9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/consul-security-group-rules/main.tf b/modules/consul-security-group-rules/main.tf
@@ -68,7 +68,7 @@ resource "aws_security_group_rule" "allow_http_api_inbound" {
 }
 
 resource "aws_security_group_rule" "allow_https_api_inbound" {
-  count       = var.enable_https_port ? 1 : 0
+  count       = var.enable_https_port && length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.https_api_port
   to_port     = var.https_api_port