fix always dirty aws_security_group.default (#170)

Co-authored-by: actions-bot <[email protected]>
Co-authored-by: Matt Gowie <[email protected]>
Co-authored-by: cloudpossebot <[email protected]>

Author: 4 people

README.md

@@ -1,3 +1,4 @@
+
 <!-- markdownlint-disable -->
 # terraform-aws-elastic-beanstalk-environment
 
@@ -39,7 +40,6 @@ The Cloud Posse team no longer utilizes Beanstalk all that much, but this module
 
 If you're interested, reach out to us via the `#terraform` channel in [the SweetOps Slack](https://slack.sweetops.com/) or directly [via email @ [email protected]](mailto:[email protected])
 
-
 ---
 
 This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
@@ -70,7 +70,6 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are
 
 
 
-
 ## Security & Compliance [<img src="https://cloudposse.com/wp-content/uploads/2020/11/bridgecrew.svg" width="250" align="right" />](https://bridgecrew.io/)
 
 Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.

main.tf

@@ -302,11 +302,14 @@ resource "aws_security_group" "default" {
 
   vpc_id = var.vpc_id
 
-  ingress {
-    from_port       = 0
-    to_port         = 0
-    protocol        = -1
-    security_groups = var.allowed_security_groups
+  dynamic "ingress" {
+    for_each = length(var.allowed_security_groups) == 0 ? [] : [1]
+    content {
+      from_port       = 0
+      to_port         = 0
+      protocol        = -1
+      security_groups = var.allowed_security_groups
+    }
   }
 
   egress {