From 24349dcd9c3a637e15bcf58fbafe3149ede02f14 Mon Sep 17 00:00:00 2001 From: guybarak Date: Wed, 26 Nov 2025 17:43:57 +0000 Subject: [PATCH] fix(VSECPC-11987): Minor fixes and cleanup --- modules/autoscale/main.tf | 4 ++-- modules/autoscale_gwlb/main.tf | 15 +++++---------- modules/custom_autoscale/main.tf | 4 ++-- modules/tgw_gwlb_master/README.md | 2 +- 4 files changed, 10 insertions(+), 15 deletions(-) diff --git a/modules/autoscale/main.tf b/modules/autoscale/main.tf index 8fee0e9..826c721 100755 --- a/modules/autoscale/main.tf +++ b/modules/autoscale/main.tf @@ -210,8 +210,8 @@ resource "aws_security_group" "elb_security_group" { description = "ELB security group" vpc_id = var.vpc_id egress { - from_port = 0 - to_port = 0 + from_port = 0 + to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } diff --git a/modules/autoscale_gwlb/main.tf b/modules/autoscale_gwlb/main.tf index 92a1980..0bdf1c9 100755 --- a/modules/autoscale_gwlb/main.tf +++ b/modules/autoscale_gwlb/main.tf @@ -16,35 +16,27 @@ resource "aws_security_group" "permissive_sg" { resource "aws_vpc_security_group_ingress_rule" "ingress_rule_ipv4" { security_group_id = aws_security_group.permissive_sg.id cidr_ipv4 = "0.0.0.0/0" - from_port = 0 ip_protocol = "-1" - to_port = 0 } resource "aws_vpc_security_group_egress_rule" "egress_rule_ipv4" { security_group_id = aws_security_group.permissive_sg.id cidr_ipv4 = "0.0.0.0/0" - from_port = 0 ip_protocol = "-1" - to_port = 0 } resource "aws_vpc_security_group_ingress_rule" "ingress_rule_ipv6" { count = var.enable_ipv6 ? 1 : 0 security_group_id = aws_security_group.permissive_sg.id cidr_ipv6 = "::/0" - from_port = 0 ip_protocol = "-1" - to_port = 0 } resource "aws_vpc_security_group_egress_rule" "egress_rule_ipv6" { count = var.enable_ipv6 ? 1 : 0 security_group_id = aws_security_group.permissive_sg.id cidr_ipv6 = "::/0" - from_port = 0 ip_protocol = "-1" - to_port = 0 } resource "aws_launch_template" "asg_launch_template" { 
@@ -60,8 +52,11 @@ resource "aws_launch_template" "asg_launch_template" { http_tokens = var.metadata_imdsv2_required ? "required" : "optional" } - iam_instance_profile { - name = ( var.enable_cloudwatch ? aws_iam_instance_profile.instance_profile[0].name : "") + dynamic "iam_instance_profile" { + for_each = var.enable_cloudwatch ? [1] : [] + content { + name = aws_iam_instance_profile.instance_profile[0].name + } } monitoring { diff --git a/modules/custom_autoscale/main.tf b/modules/custom_autoscale/main.tf index c361388..608742c 100755 --- a/modules/custom_autoscale/main.tf +++ b/modules/custom_autoscale/main.tf @@ -5,8 +5,8 @@ resource "aws_security_group" "servers_security_group" { vpc_id = var.vpc_id ingress { - from_port = 0 - to_port = 0 + from_port = 0 + to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } diff --git a/modules/tgw_gwlb_master/README.md b/modules/tgw_gwlb_master/README.md index 2d72bcf..aa456e7 100755 --- a/modules/tgw_gwlb_master/README.md +++ b/modules/tgw_gwlb_master/README.md @@ -31,7 +31,7 @@ provider "aws" {} module "example_module" { - source = "CheckPointSW/cloudguard-network-security/aws//modules/tgw_gwlb" + source = "CheckPointSW/cloudguard-network-security/aws//modules/tgw_gwlb_master" version = "1.0.4" // --- VPC Network Configuration --
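Review bot: In `modules/autoscale_gwlb/main.tf`, the new `dynamic "iam_instance_profile"` block repeats the `var.enable_cloudwatch` condition and then hard-indexes `aws_iam_instance_profile.instance_profile[0]`. It is therefore correct only while that resource's `count` stays tied to the same variable; the `count` is defined outside this hunk, so this is inferred from the old expression. Driving the block from the resource itself removes the duplicated condition: `for_each = aws_iam_instance_profile.instance_profile` with `name = iam_instance_profile.value.name`. It is also worth a comment above the block, such as `# No instance profile (and so no IAM role) is attached unless CloudWatch is enabled`, so the least-privilege default is not undone by a later edit. The `asg_launch_template` resource starts and ends outside the hunk.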