fix(VSECPC-11987): Minor fixes and cleanup (#22)

chkp-eddiek · chkp-guybarak · web-flow · commit 491fca361f72 · 2025-12-01T14:11:45.000+02:00
Co-authored-by: guybarak &lt;guybarak@checkpoint.com&gt;
diff --git a/modules/autoscale/main.tf b/modules/autoscale/main.tf
@@ -210,8 +210,8 @@ resource "aws_security_group" "elb_security_group" {
   description = "ELB security group"
   vpc_id = var.vpc_id
   egress {
-    from_port = 0
-    to_port = 0
+    from_port    = 0
+    to_port      = 0
     protocol = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
diff --git a/modules/autoscale_gwlb/main.tf b/modules/autoscale_gwlb/main.tf
@@ -16,35 +16,27 @@ resource "aws_security_group" "permissive_sg" {
 resource "aws_vpc_security_group_ingress_rule" "ingress_rule_ipv4" {
   security_group_id = aws_security_group.permissive_sg.id
   cidr_ipv4         = "0.0.0.0/0"
-        from_port    = 0
   ip_protocol       = "-1"
-        to_port      = 0
     }
 
 resource "aws_vpc_security_group_egress_rule" "egress_rule_ipv4" {
   security_group_id = aws_security_group.permissive_sg.id
   cidr_ipv4         = "0.0.0.0/0"
-    from_port = 0
   ip_protocol       = "-1"
-    to_port = 0
   }
 
 resource "aws_vpc_security_group_ingress_rule" "ingress_rule_ipv6" {
   count = var.enable_ipv6 ? 1 : 0
   security_group_id = aws_security_group.permissive_sg.id
   cidr_ipv6         = "::/0"
-  from_port         = 0
   ip_protocol       = "-1"
-  to_port           = 0
   }  
 
 resource "aws_vpc_security_group_egress_rule" "egress_rule_ipv6" {
   count = var.enable_ipv6 ? 1 : 0
   security_group_id = aws_security_group.permissive_sg.id
   cidr_ipv6         = "::/0"
-        from_port    = 0
   ip_protocol       = "-1"
-        to_port      = 0
 }
 
 resource "aws_launch_template" "asg_launch_template" {
@@ -60,8 +52,11 @@ resource "aws_launch_template" "asg_launch_template" {
     http_tokens = var.metadata_imdsv2_required ? "required" : "optional"
   }
 
-  iam_instance_profile {
-    name = ( var.enable_cloudwatch ? aws_iam_instance_profile.instance_profile[0].name : "")
+  dynamic "iam_instance_profile" {
+    for_each = var.enable_cloudwatch ? [1] : []
+    content {
+      name = aws_iam_instance_profile.instance_profile[0].name
+    }
   }
 
   monitoring {
diff --git a/modules/custom_autoscale/main.tf b/modules/custom_autoscale/main.tf
@@ -5,8 +5,8 @@ resource "aws_security_group" "servers_security_group" {
   vpc_id = var.vpc_id
 
   ingress {
-    from_port = 0
-    to_port = 0
+    from_port    = 0
+    to_port      = 0
     protocol = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
diff --git a/modules/tgw_gwlb_master/README.md b/modules/tgw_gwlb_master/README.md
@@ -31,7 +31,7 @@ provider "aws" {}
 
 module "example_module" {
 
-    source  = "CheckPointSW/cloudguard-network-security/aws//modules/tgw_gwlb"
+    source  = "CheckPointSW/cloudguard-network-security/aws//modules/tgw_gwlb_master"
     version = "1.0.4"
 
     // --- VPC Network Configuration --
