Migrate to managed module

main.tf

@@ -8,7 +8,7 @@ locals {
 module "vpc" {
   count       = var.create_vpc ? 1 : 0
   source      = "./modules/vpc"
-  name_prefix = var.name_prefix
+  name = "${var.name_prefix}-vpc"
 }
 
 #################################################################

modules/ecs/main.tf

@@ -196,8 +196,7 @@ resource "aws_appautoscaling_policy" "cpu" {
 
 module "ecs_security_group" {
   count   = var.create_sg ? 1 : 0
-  source  = "terraform-aws-modules/security-group/aws"
-  version = ">=5.0.0"
+  source  = "../security-group"
   name    = "${var.name_prefix}-ecs-sg"
   vpc_id  = var.vpc_id
   ingress_with_source_security_group_id = flatten([
@@ -220,5 +219,4 @@ module "ecs_security_group" {
   ])
   egress_with_cidr_blocks = var.sg_egress_with_cidr_blocks
   tags                    = var.tags
-  use_name_prefix         = true
 }

modules/load-balancer/main.tf

@@ -87,12 +87,10 @@ resource "aws_lb_listener" "grpc" {
 
 module "loadbalancer_security_group" {
   count                    = var.create_sg ? 1 : 0
-  source                   = "terraform-aws-modules/security-group/aws"
-  version                  = ">=5.0.0"
+  source                   = "../security-group"
   name                     = "${var.name_prefix}-lb-sg"
   vpc_id                   = var.vpc_id
   ingress_with_cidr_blocks = var.sg_ingress_with_cidr_blocks
   egress_with_cidr_blocks  = var.sg_egress_with_cidr_blocks
   tags                     = var.tags
-  use_name_prefix          = true
 }

modules/security-group/main.tf

@@ -0,0 +1,125 @@
+#################################
+# Security group with name_prefix
+#################################
+resource "aws_security_group" "this_name_prefix" {
+  count = 1
+  name_prefix            = "${var.name}-"
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = false
+
+  tags = merge(
+    {
+      "Name" = format("%s", var.name)
+    },
+    var.tags,
+  )
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  timeouts {
+    create = var.create_timeout
+    delete = var.delete_timeout
+  }
+}
+
+resource "aws_security_group_rule" "ingress_with_source_security_group_id" {
+  count = length(var.ingress_with_source_security_group_id)
+
+  security_group_id = aws_security_group.this_name_prefix[0].id
+  type              = "ingress"
+
+  source_security_group_id = var.ingress_with_source_security_group_id[count.index]["source_security_group_id"]
+  prefix_list_ids          = var.ingress_prefix_list_ids
+  description = lookup(
+    var.ingress_with_source_security_group_id[count.index],
+    "description",
+    "Ingress Rule",
+  )
+
+  from_port = lookup(
+    var.ingress_with_source_security_group_id[count.index],
+    "from_port",
+  )
+  to_port = lookup(
+    var.ingress_with_source_security_group_id[count.index],
+    "to_port",
+  )
+  protocol = lookup(
+    var.ingress_with_source_security_group_id[count.index],
+    "protocol",
+  )
+}
+
+
+resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
+  count = length(var.ingress_with_cidr_blocks)
+
+  security_group_id = aws_security_group.this_name_prefix[0].id
+  type              = "ingress"
+
+  cidr_blocks = compact(split(
+    ",",
+    lookup(
+      var.ingress_with_cidr_blocks[count.index],
+      "cidr_blocks",
+      join(",", var.ingress_cidr_blocks),
+    ),
+  ))
+  prefix_list_ids = var.ingress_prefix_list_ids
+  description = lookup(
+    var.ingress_with_cidr_blocks[count.index],
+    "description",
+    "Ingress Rule",
+  )
+
+  from_port = lookup(
+    var.ingress_with_cidr_blocks[count.index],
+    "from_port",
+  )
+  to_port = lookup(
+    var.ingress_with_cidr_blocks[count.index],
+    "to_port",
+  )
+  protocol = lookup(
+    var.ingress_with_cidr_blocks[count.index],
+    "protocol",
+  )
+}
+
+
+resource "aws_security_group_rule" "egress_with_cidr_blocks" {
+  count = length(var.egress_with_cidr_blocks)
+
+  security_group_id = aws_security_group.this_name_prefix[0].id
+  type              = "egress"
+
+  cidr_blocks = compact(split(
+    ",",
+    lookup(
+      var.egress_with_cidr_blocks[count.index],
+      "cidr_blocks",
+      join(",", var.egress_cidr_blocks),
+    ),
+  ))
+  prefix_list_ids = var.egress_prefix_list_ids
+  description = lookup(
+    var.egress_with_cidr_blocks[count.index],
+    "description",
+    "Egress Rule",
+  )
+
+  from_port = lookup(
+    var.egress_with_cidr_blocks[count.index],
+    "from_port",
+  )
+  to_port = lookup(
+    var.egress_with_cidr_blocks[count.index],
+    "to_port",
+  )
+  protocol = lookup(
+    var.egress_with_cidr_blocks[count.index],
+    "protocol",
+  )
+}

modules/security-group/outputs.tf

@@ -0,0 +1,29 @@
+output "security_group_arn" {
+  description = "The ARN of the security group"
+  value       = aws_security_group.this_name_prefix[0].arn
+}
+
+output "security_group_id" {
+  description = "The ID of the security group"
+  value       = aws_security_group.this_name_prefix[0].id
+}
+
+output "security_group_vpc_id" {
+  description = "The VPC ID"
+  value       = aws_security_group.this_name_prefix[0].vpc_id
+}
+
+output "security_group_owner_id" {
+  description = "The owner ID"
+  value       = aws_security_group.this_name_prefix[0].owner_id
+}
+
+output "security_group_name" {
+  description = "The name of the security group"
+  value       = aws_security_group.this_name_prefix[0].name
+}
+
+output "security_group_description" {
+  description = "The description of the security group"
+  value       = aws_security_group.this_name_prefix[0].description
+}

modules/security-group/provider.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+  }
+}

modules/security-group/variables.tf

@@ -0,0 +1,83 @@
+#################
+# Security group
+#################
+
+variable "vpc_id" {
+  description = "ID of the VPC where to create security group"
+  type        = string
+  default     = null
+}
+
+variable "name" {
+  description = "Name of security group - not required if create_sg is false"
+  type        = string
+  default     = null
+}
+
+variable "tags" {
+  description = "A mapping of tags to assign to security group"
+  type        = map(string)
+  default     = {}
+}
+
+variable "create_timeout" {
+  description = "Time to wait for a security group to be created"
+  type        = string
+  default     = "10m"
+}
+
+variable "delete_timeout" {
+  description = "Time to wait for a security group to be deleted"
+  type        = string
+  default     = "15m"
+}
+
+##########
+# Ingress
+##########
+
+variable "ingress_with_cidr_blocks" {
+  description = "List of ingress rules to create where 'cidr_blocks' is used"
+  type        = list(map(string))
+  default     = []
+}
+
+variable "ingress_with_source_security_group_id" {
+  description = "List of ingress rules to create where 'source_security_group_id' is used"
+  type        = list(map(string))
+  default     = []
+}
+
+variable "ingress_cidr_blocks" {
+  description = "List of IPv4 CIDR ranges to use on all ingress rules"
+  type        = list(string)
+  default     = []
+}
+
+variable "ingress_prefix_list_ids" {
+  description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+  type        = list(string)
+  default     = []
+}
+
+#########
+# Egress
+#########
+
+variable "egress_with_cidr_blocks" {
+  description = "List of egress rules to create where 'cidr_blocks' is used"
+  type        = list(map(string))
+  default     = []
+}
+
+variable "egress_cidr_blocks" {
+  description = "List of IPv4 CIDR ranges to use on all egress rules"
+  type        = list(string)
+  default     = ["0.0.0.0/0"]
+}
+
+variable "egress_prefix_list_ids" {
+  description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+  type        = list(string)
+  default     = []
+}