Allow additional security groups to ec2 instances (#103)

* allow additional security groups to ec2 instances

* update readme for additional_security_groups

Author: m0xx

README.md

@@ -1,4 +1,43 @@
-<!-- This file was automatically generated by the `build-harness`. Make all changes to `README.yaml` and run `make readme` to rebuild this file. -->
+<!-- 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  ** DO NOT EDIT THIS FILE
+  ** 
+  ** This file was automatically generated by the `build-harness`. 
+  ** 1) Make all changes to `README.yaml` 
+  ** 2) Run `make init` (you only need to do this once)
+  ** 3) Run`make readme` to rebuild this file. 
+  **
+  ** (We maintain HUNDREDS of open source projects. This is how we maintain our sanity.)
+  **
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  -->
 [![README Header][readme_header_img]][readme_header_link]
 
 [![Cloud Posse][logo]](https://cpco.io/homepage)
@@ -158,9 +197,10 @@ Available targets:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| additional_security_groups | List of security groups to be allowed to connect to the EC2 instances | list(string) | `<list>` | no |
 | additional_settings | Additional Elastic Beanstalk setttings. For full list of options, see https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html | object | `<list>` | no |
 | alb_zone_id | ALB zone id | map(string) | `<map>` | no |
-| allowed_security_groups | List of security groups to be allowed to connect to the EC2 instances | list(string) | `<list>` | no |
+| allowed_security_groups | List of security groups to add to the EC2 instances | list(string) | `<list>` | no |
 | application_port | Port application is listening on | number | `80` | no |
 | application_subnets | List of subnets to place EC2 instances | list(string) | - | yes |
 | associate_public_ip_address | Whether to associate public IP addresses to the instances | bool | `false` | no |
@@ -271,42 +311,47 @@ Check out these related projects.
 
 ## Help
 
-**Got a question?**
+**Got a question?** We got answers. 
 
 File a GitHub [issue](https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/issues), send us an [email][email] or join our [Slack Community][slack].
 
 [![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link]
 
-## Commercial Support
-
-Work directly with our team of DevOps experts via email, slack, and video conferencing. 
-
-We provide [*commercial support*][commercial_support] for all of our [Open Source][github] projects. As a *Dedicated Support* customer, you have access to our team of subject matter experts at a fraction of the cost of a full-time engineer. 
+## DevOps Accelerator for Startups
 
-[![E-Mail](https://img.shields.io/badge/[email protected])][email]
 
-- **Questions.** We'll use a Shared Slack channel between your team and ours.
-- **Troubleshooting.** We'll help you triage why things aren't working.
-- **Code Reviews.** We'll review your Pull Requests and provide constructive feedback.
-- **Bug Fixes.** We'll rapidly work to fix any bugs in our projects.
-- **Build New Terraform Modules.** We'll [develop original modules][module_development] to provision infrastructure.
-- **Cloud Architecture.** We'll assist with your cloud strategy and design.
-- **Implementation.** We'll provide hands-on support to implement our reference architectures. 
+We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. 
 
+[![Learn More](https://img.shields.io/badge/learn%20more-success.svg?style=for-the-badge)][commercial_support]
 
+Work directly with our team of DevOps experts via email, slack, and video conferencing.
 
-## Terraform Module Development
-
-Are you interested in custom Terraform module development? Submit your inquiry using [our form][module_development] today and we'll get back to you ASAP.
+We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet.
 
+- **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code.
+- **Release Engineering.** You'll have end-to-end CI/CD with unlimited staging environments.
+- **Site Reliability Engineering.** You'll have total visibility into your apps and microservices.
+- **Security Baseline.** You'll have built-in governance with accountability and audit logs for all changes.
+- **GitOps.** You'll be able to operate your infrastructure via Pull Requests.
+- **Training.** You'll receive hands-on training so your team can operate what we build.
+- **Questions.** You'll have a direct line of communication between our teams via a Shared Slack channel.
+- **Troubleshooting.** You'll get help to triage when things aren't working.
+- **Code Reviews.** You'll receive constructive feedback on Pull Requests.
+- **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects.
 
 ## Slack Community
 
 Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure.
 
 ## Newsletter
 
-Signup for [our newsletter][newsletter] that covers everything on our technology radar.  Receive updates on what we're up to on GitHub as well as awesome new projects we discover. 
+Sign up for [our newsletter][newsletter] that covers everything on our technology radar.  Receive updates on what we're up to on GitHub as well as awesome new projects we discover. 
+
+## Office Hours
+
+[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! 
+
+[![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours]
 
 ## Contributing
 
@@ -331,7 +376,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 
 ## Copyright
 
-Copyright © 2017-2019 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright)
 
 
 
@@ -410,33 +455,31 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
   [DirectRoot_homepage]: https://github.com/DirectRoot
   [DirectRoot_avatar]: https://img.cloudposse.com/150x150/https://github.com/DirectRoot.png
 
-
-
 [![README Footer][readme_footer_img]][readme_footer_link]
 [![Beacon][beacon]][website]
 
   [logo]: https://cloudposse.com/logo-300x69.svg
-  [docs]: https://cpco.io/docs
-  [website]: https://cpco.io/homepage
-  [github]: https://cpco.io/github
-  [jobs]: https://cpco.io/jobs
-  [hire]: https://cpco.io/hire
-  [slack]: https://cpco.io/slack
-  [linkedin]: https://cpco.io/linkedin
-  [twitter]: https://cpco.io/twitter
-  [testimonial]: https://cpco.io/leave-testimonial
-  [newsletter]: https://cpco.io/newsletter
-  [email]: https://cpco.io/email
-  [commercial_support]: https://cpco.io/commercial-support
-  [we_love_open_source]: https://cpco.io/we-love-open-source
-  [module_development]: https://cpco.io/module-development
-  [terraform_modules]: https://cpco.io/terraform-modules
-  [readme_header_img]: https://cloudposse.com/readme/header/img?repo=cloudposse/terraform-aws-elastic-beanstalk-environment
-  [readme_header_link]: https://cloudposse.com/readme/header/link?repo=cloudposse/terraform-aws-elastic-beanstalk-environment
-  [readme_footer_img]: https://cloudposse.com/readme/footer/img?repo=cloudposse/terraform-aws-elastic-beanstalk-environment
-  [readme_footer_link]: https://cloudposse.com/readme/footer/link?repo=cloudposse/terraform-aws-elastic-beanstalk-environment
-  [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img?repo=cloudposse/terraform-aws-elastic-beanstalk-environment
-  [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?repo=cloudposse/terraform-aws-elastic-beanstalk-environment
+  [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=docs
+  [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=website
+  [github]: https://cpco.io/github?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=github
+  [jobs]: https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=jobs
+  [hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=hire
+  [slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=slack
+  [linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=linkedin
+  [twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=twitter
+  [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=testimonial
+  [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=office_hours
+  [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=newsletter
+  [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=email
+  [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=commercial_support
+  [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=we_love_open_source
+  [terraform_modules]: https://cpco.io/terraform-modules?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=terraform_modules
+  [readme_header_img]: https://cloudposse.com/readme/header/img
+  [readme_header_link]: https://cloudposse.com/readme/header/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=readme_header_link
+  [readme_footer_img]: https://cloudposse.com/readme/footer/img
+  [readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=readme_footer_link
+  [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img
+  [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-elastic-beanstalk-environment&utm_content=readme_commercial_support_link
   [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-elastic-beanstalk-environment&url=https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment
   [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-elastic-beanstalk-environment&url=https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment
   [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment

docs/terraform.md

@@ -2,9 +2,10 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| additional_security_groups | List of security groups to be allowed to connect to the EC2 instances | list(string) | `<list>` | no |
 | additional_settings | Additional Elastic Beanstalk setttings. For full list of options, see https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html | object | `<list>` | no |
 | alb_zone_id | ALB zone id | map(string) | `<map>` | no |
-| allowed_security_groups | List of security groups to be allowed to connect to the EC2 instances | list(string) | `<list>` | no |
+| allowed_security_groups | List of security groups to add to the EC2 instances | list(string) | `<list>` | no |
 | application_port | Port application is listening on | number | `80` | no |
 | application_subnets | List of subnets to place EC2 instances | list(string) | - | yes |
 | associate_public_ip_address | Whether to associate public IP addresses to the instances | bool | `false` | no |

main.tf

@@ -534,7 +534,7 @@ resource "aws_elastic_beanstalk_environment" "default" {
   setting {
     namespace = "aws:autoscaling:launchconfiguration"
     name      = "SecurityGroups"
-    value     = aws_security_group.default.id
+    value     = join(",", compact(concat([aws_security_group.default.id], var.additional_security_groups)))
   }
 
   setting {

variables.tf

@@ -74,6 +74,12 @@ variable "dns_subdomain" {
 }
 
 variable "allowed_security_groups" {
+  type        = list(string)
+  description = "List of security groups to add to the EC2 instances"
+  default     = []
+}
+
+variable "additional_security_groups" {
   type        = list(string)
   description = "List of security groups to be allowed to connect to the EC2 instances"
   default     = []