From a2cb3e943cacc17f6999b79643fed4d50f5758b7 Mon Sep 17 00:00:00 2001
From: mr-miles <miles.waller@gmail.com>
Date: Tue, 27 Apr 2021 12:46:31 +0100
Subject: [PATCH] Set up http_api access correctly

If the module is given only security groups and not cidr ranges, a security group rule is created without all the necessary attributes
---
 modules/consul-security-group-rules/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/consul-security-group-rules/main.tf b/modules/consul-security-group-rules/main.tf
index 686eb650..53f890d1 100644
--- a/modules/consul-security-group-rules/main.tf
+++ b/modules/consul-security-group-rules/main.tf
@@ -68,7 +68,7 @@ resource "aws_security_group_rule" "allow_http_api_inbound" {
 }
 
 resource "aws_security_group_rule" "allow_https_api_inbound" {
-  count       = var.enable_https_port ? 1 : 0
+  count       = var.enable_https_port && length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.https_api_port
   to_port     = var.https_api_port