updating main.tf and adding to locals.tf to resolve ipv6 error (#132)

* updating main.tf and adding to locals.tf to resolve ipv6 error\ * reverting the ipv4 blocks back to previous to ensure empty string error isnt masked * added null validator to the ipv4 block as well
Guimove · Mar 10, 2022 · 741a83b · 741a83b
1 parent 00723c2
commit 741a83b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/locals.tf b/locals.tf
@@ -1,5 +1,10 @@
 locals {
   name_prefix    = var.bastion_launch_template_name
   security_group = join("", flatten([aws_security_group.bastion_host_security_group[*].id, var.bastion_security_group_id]))
+
+  // the compact() function checks for null values and gets rid of them 
+  // the length is a check to ensure we dont have an empty array, as an empty array would throw an error for the cidr_block argument 
+  ipv4_cidr_block = length(compact(data.aws_subnet.subnets[*].cidr_block)) == 0 ? null : concat(data.aws_subnet.subnets[*].cidr_block, var.cidrs)
+  ipv6_cidr_block = length(compact(data.aws_subnet.subnets[*].ipv6_cidr_block)) == 0 ? null : concat(data.aws_subnet.subnets[*].ipv6_cidr_block, var.ipv6_cidrs)
 }
 
diff --git a/main.tf b/main.tf
@@ -35,8 +35,8 @@ resource "aws_security_group_rule" "ingress_bastion" {
   from_port        = var.public_ssh_port
   to_port          = var.public_ssh_port
   protocol         = "TCP"
-  cidr_blocks      = compact(concat(data.aws_subnet.subnets.*.cidr_block, var.cidrs))
-  ipv6_cidr_blocks = compact(concat(data.aws_subnet.subnets.*.ipv6_cidr_block, var.ipv6_cidrs))
+  cidr_blocks      = local.ipv4_cidr_block
+  ipv6_cidr_blocks = local.ipv6_cidr_block
 
   security_group_id = local.security_group
 }