# This is a combination of 2 commits.

# This is the 1st commit message: # This is a combination of 2 commits. # This is the 1st commit message: Change logic for ssh security group (#4) * Change logic for ssh security group * [MegaLinter] Apply linters fixes Co-authored-by: bsrodrigs <[email protected]> # The commit message #2 will be skipped: # Fix ssh security group (#5) # # The commit message #2 will be skipped: # Fix merge conflict
bsrodrigs · Mar 29, 2022 · 11a34af · 11a34af
1 parent 4691307
commit 11a34af
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/rs-green-side.tf b/rs-green-side.tf
@@ -69,7 +69,8 @@ resource "aws_instance" "green_vpn_inst" {
 
   ami                    = data.aws_ami.green_vpn_inst_ubuntu.id
   instance_type          = var.green_vpn_endpoint_instancetype
-  vpc_security_group_ids = length(var.allowed_networks_ssh) > 0 ? [aws_security_group.green_vpn_inst_ipsec.id, aws_security_group.green_vpn_inst_green_traffic.id, aws_security_group.green_vpn_inst_ssh.id] : [aws_security_group.green_vpn_inst_ipsec.id, aws_security_group.green_vpn_inst_green_traffic.id]
+
+  vpc_security_group_ids = concat([aws_security_group.green_vpn_inst_ipsec.id, aws_security_group.green_vpn_inst_green_traffic.id], try(aws_security_group.green_vpn_inst_ssh[0].id,[]))
   subnet_id              = module.green_vpc.public_subnets[0]
   key_name               = var.green_vpn_inst_keyname == "" ? aws_key_pair.green_vpn_inst[0].key_name : var.green_vpn_inst_keyname
   source_dest_check      = "false"
@@ -145,6 +146,9 @@ resource "aws_security_group" "green_vpn_inst_ipsec" {
 
 
 resource "aws_security_group" "green_vpn_inst_ssh" {
+
+  count = length(var.green_vpn_inst_allowed_networks_ssh) > 0 ? 1 : 0
+
   name        = "vpn_inst_ssh"
   description = "Allow SSH from specified networks for management"
   vpc_id      = module.green_vpc.vpc_id