Expose ingress CIDRs

Author: snemetz

README.md

@@ -96,6 +96,7 @@ This software is released under the MIT License (see `LICENSE`).
 | lb\_healthcheck\_timeout | Timeout in seconds for LB to use when connecting health checks (default 5) | string | `5` | no |
 | lb\_healthcheck\_unhealthy\_threshold | Number of consecutive failed health checks before marking service as unhealthy (default 2) | string | `5` | no |
 | lb\_https\_ports | HTTPS ports load balancer should listen on | string | `443` | no |
+| lb\_ingress\_cidr\_blocks | List of ingress CIDR blocks for load balancer | list | `<list>` | no |
 | lb\_internal | Configure LB as internal-only | string | `true` | no |
 | lb\_ports | Ports load balancer should listen on | string | `80` | no |
 | lb\_stickiness\_enabled | Enable LB session stickiness (default false) | string | `false` | no |

main.tf

@@ -92,7 +92,7 @@ module "sg-lb" {
   vpc_id              = "${var.vpc_id}"
   egress_cidr_blocks  = ["0.0.0.0/0"]
   egress_rules        = ["all-all"]
-  ingress_cidr_blocks = ["10.0.0.0/8"]                                              # "${var.allowed_cidr_blocks}"
+  ingress_cidr_blocks = ["${lb_ingress_cidr_blocks}"]                               # "${var.allowed_cidr_blocks}"
   ingress_rules       = "${compact(split(",", local.sg_rules))}"
 }
 

resource-plan-graph.png

@@ -130,6 +130,12 @@ variable "lb_https_ports" {
   default     = "443"
 }
 
+variable "lb_ingress_cidr_blocks" {
+  description = "List of ingress CIDR blocks for load balancer"
+  type        = "list"
+  default     = ["10.0.0.0/8"]
+}
+
 variable "lb_ports" {
   description = "Ports load balancer should listen on"
   default     = "80"