Merge pull request #6 from gchamon/feature/extra-security-groups

add extra security group ids to ec2 launch template
gchamon · Oct 25, 2022 · 07c738b · 07c738b
2 parents ed2d7f0 + 2d4d0ef
commit 07c738b
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 3 deletions.
diff --git a/MODULE_ARGUMENTS.md b/MODULE_ARGUMENTS.md
@@ -51,6 +51,7 @@ No requirements.
 | <a name="input_desired_instances"></a> [desired\_instances](#input\_desired\_instances) | [WIP] used for high availability. Not implemented. This option has no effect | `number` | `1` | no |
 | <a name="input_docker_image"></a> [docker\_image](#input\_docker\_image) | The docker image used to launch Firezone. Override this with another image repo (e.g. ECR) to control the version. Useful for not depending on dockerhub SLA and for custom patches | `string` | `"firezone/firezone:0.6.4"` | no |
 | <a name="input_enable_cloudwatch_metrics"></a> [enable\_cloudwatch\_metrics](#input\_enable\_cloudwatch\_metrics) | Optional: enable swap, memory and disk metrics with cloudwatch agent | `bool` | `false` | no |
+| <a name="input_extra_security_group_ids"></a> [extra\_security\_group\_ids](#input\_extra\_security\_group\_ids) | Extra security group ids to attach to the VPN EC2 instance | `list(string)` | `[]` | no |
 | <a name="input_firezone_environment_variables"></a> [firezone\_environment\_variables](#input\_firezone\_environment\_variables) | Extra environment variables to pass to the Firezone container. See https://docs.firezone.dev/reference/env-vars | `any` | `{}` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Wireguard EC2 instance type. Controls CPU, Memory and Network resources | `string` | n/a | yes |
 | <a name="input_internal_url"></a> [internal\_url](#input\_internal\_url) | The URL used to create an alias to the EC2 instance private IP | `string` | `null` | no |

diff --git a/ec2.tf b/ec2.tf
@@ -23,11 +23,15 @@ resource "aws_launch_template" "instance" {
 
   disable_api_termination = true
   instance_type           = var.instance_type
-  vpc_security_group_ids  = [aws_security_group.wireguard.id]
   image_id                = data.aws_ami.amazon_linux_2.image_id
   key_name                = aws_key_pair.this.key_name
   update_default_version  = true
 
+  vpc_security_group_ids = concat(
+    [aws_security_group.wireguard.id],
+    var.extra_security_group_ids
+  )
+
   block_device_mappings {
     device_name = "/dev/xvda"
 

diff --git a/variables.tf b/variables.tf
@@ -89,7 +89,13 @@ variable "admin_user_email" {
 }
 
 variable "firezone_environment_variables" {
-  default = {}
-  type = any
+  default     = {}
+  type        = any
   description = "Extra environment variables to pass to the Firezone container. See https://docs.firezone.dev/reference/env-vars"
+}
+
+variable "extra_security_group_ids" {
+  description = "Extra security group ids to attach to the VPN EC2 instance"
+  type        = list(string)
+  default     = []
 }