From 652d038d21477f3a6e515342ef2cfbc8b2445784 Mon Sep 17 00:00:00 2001
From: Bruno Rodrigues <30496075+bsrodrigs@users.noreply.github.com>
Date: Tue, 29 Mar 2022 14:51:19 +0100
Subject: [PATCH] # This is a combination of 2 commits. # This is the 1st commit message:
Change logic for ssh security group (#4)
* Change logic for ssh security group
* [MegaLinter] Apply linters fixes
Co-authored-by: bsrodrigs
# The commit message #2 will be skipped:
# Fix ssh security group (#5)
#
---
 rs-green-side.tf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/rs-green-side.tf b/rs-green-side.tf
index b938b0f..e48e498 100644
--- a/rs-green-side.tf
+++ b/rs-green-side.tf
@@ -69,7 +69,7 @@ resource "aws_instance" "green_vpn_inst" {
 ami = data.aws_ami.green_vpn_inst_ubuntu.id
 instance_type = var.green_vpn_endpoint_instancetype
- vpc_security_group_ids = length(var.allowed_networks_ssh) > 0 ? [aws_security_group.green_vpn_inst_ipsec.id, aws_security_group.green_vpn_inst_green_traffic.id, aws_security_group.green_vpn_inst_ssh.id] : [aws_security_group.green_vpn_inst_ipsec.id, aws_security_group.green_vpn_inst_green_traffic.id]
+ vpc_security_group_ids = concat([aws_security_group.green_vpn_inst_ipsec.id, aws_security_group.green_vpn_inst_green_traffic.id], try(aws_security_group.green_vpn_inst_ssh[0].id,[]))
 subnet_id = module.green_vpc.public_subnets[0]
 key_name = var.green_vpn_inst_keyname == "" ? aws_key_pair.green_vpn_inst[0].key_name : var.green_vpn_inst_keyname
 source_dest_check = "false"
@@ -145,6 +145,9 @@ resource "aws_security_group" "green_vpn_inst_ipsec" {
 resource "aws_security_group" "green_vpn_inst_ssh" {
+
+ count = length(var.green_vpn_inst_allowed_networks_ssh) > 0 ? 1 : 0
+
 name = "vpn_inst_ssh"
 description = "Allow SSH from specified networks for management"
 vpc_id = module.green_vpc.vpc_id
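Review bot: In the new `vpc_security_group_ids` expression, `try(aws_security_group.green_vpn_inst_ssh[0].id,[])` yields a bare string when the SSH group exists and a list only when it does not, and `concat` accepts only lists or tuples, so as far as I can tell the plan fails in exactly the case where SSH access is enabled. The splat form returns a list in both cases and needs no `try`, which would otherwise also hide unrelated evaluation errors: `vpc_security_group_ids = concat([aws_security_group.green_vpn_inst_ipsec.id, aws_security_group.green_vpn_inst_green_traffic.id], aws_security_group.green_vpn_inst_ssh[*].id)`. The `aws_instance` block starts and ends outside the hunk.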
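Review bot: The new `count` is keyed on `var.green_vpn_inst_allowed_networks_ssh`, while the expression removed in the first hunk tested `var.allowed_networks_ssh`; the variable declarations are not part of this patch, so it is worth confirming that the new name is the one declared and, presumably, the one the SSH ingress rule reads. Because this list is the only switch for management SSH on an instance placed in a public subnet, I would document it above the line, e.g. `# Empty list = no SSH security group is created or attached`, and consider a `validation` block on the variable that rejects `0.0.0.0/0`. Any other reference to this group elsewhere in the module (rules, outputs) now needs a `[0]` or `[*]` index. The resource body continues past the end of the hunk.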