fix(modules/asg): Accept entire SG list for ENI in ASG module (#88)

acelebanski · web-flow · commit bd792adb5ee4 · 2024-10-29T10:23:47.000+01:00
diff --git a/modules/asg/main.tf b/modules/asg/main.tf
@@ -68,7 +68,7 @@ resource "aws_launch_template" "this" {
 
   network_interfaces {
     device_index                = 0
-    security_groups             = [local.default_eni_sg_ids[0]]
+    security_groups             = local.default_eni_sg_ids
     subnet_id                   = values(local.default_eni_subnet_names[0])[0]
     associate_public_ip_address = try(local.default_eni_public_ip[0])
   }
diff --git a/modules/asg/scripts/lambda.py b/modules/asg/scripts/lambda.py
@@ -158,7 +158,7 @@ def create_interface_settings(instance_zone: str) -> list:
             for k, v in sett.items():
                 interface[eni] = {} if eni not in interface.keys() else interface[eni]
                 interface[eni]["index"] = int(v) if 'device_index' in k else interface.get(eni).get('index')
-                interface[eni]["sg"] = v[0] if 'security_group_ids' in k else interface.get(eni).get('sg')
+                interface[eni]["sg"] = v if 'security_group_ids' in k else interface.get(eni).get('sg')
                 interface[eni]["c_pub_ip"] = v if 'create_public_ip' in k else interface.get(eni).get('c_pub_ip')
                 interface[eni]["s_dest_ch"] = v if 'source_dest_check' in k else interface.get(eni).get('s_dest_ch')
                 if 'subnet_id' in k:
@@ -180,23 +180,23 @@ def inspect_ec2_instance(self, instance_id: str) -> tuple:
         return instance_info.get('Placement').get('AvailabilityZone') if 'Placement' in instance_info else None, \
             instance_info.get('SubnetId'), instance_info.get('NetworkInterfaces')
 
-    def create_network_interface(self, instance_id: str, subnet_id: str, sg_id: int) -> str:
+    def create_network_interface(self, instance_id: str, subnet_id: str, sg_ids: list) -> str:
         """
         As function name, it creates new ENI, if something wrong it catch error.
 
         :param instance_id: EC2 Instance id
         :param subnet_id: Subnet id
-        :param sg_id: Security group id
+        :param sg_ids: Security group ids
         :return: Network Interface id
         """
 
-        self.logger.debug(f"DEBUG: create_interface: instance_id={instance_id}, subnet_id={subnet_id}, sg_id={sg_id}")
+        self.logger.debug(f"DEBUG: create_interface: instance_id={instance_id}, subnet_id={subnet_id}, sg_ids={sg_ids}")
         try:
             tags = loads(getenv('lambda_config')).get('tags')
             tag_specifications = [{'Key': k, 'Value': v} for k, v in tags.items()]
             network_interface = self.ec2_client.create_network_interface(
                 SubnetId=subnet_id,
-                Groups=[sg_id],
+                Groups=sg_ids,
                 TagSpecifications=[
                     {
                         'ResourceType': 'network-interface',

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ resource "aws_launch_template" "this" {`
`68`	`68`
`69`	`69`	`network_interfaces {`
`70`	`70`	`device_index = 0`
`71`		`- security_groups = [local.default_eni_sg_ids[0]]`
	`71`	`+ security_groups = local.default_eni_sg_ids`
`72`	`72`	`subnet_id = values(local.default_eni_subnet_names[0])[0]`
`73`	`73`	`associate_public_ip_address = try(local.default_eni_public_ip[0])`
`74`	`74`	`}`