- Use null as default to preserve current settings and when removing default control

bryantbiggs · bryantbiggs · commit dca165ad4793 · 2020-06-20T18:05:41.000-04:00
diff --git a/README.md b/README.md
@@ -314,9 +314,9 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | default\_network\_acl\_ingress | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` | <pre>[<br>  {<br>    "action": "allow",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_no": 100,<br>    "to_port": 0<br>  },<br>  {<br>    "action": "allow",<br>    "from_port": 0,<br>    "ipv6_cidr_block": "::/0",<br>    "protocol": "-1",<br>    "rule_no": 101,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | default\_network\_acl\_name | Name to be used on the Default Network ACL | `string` | `""` | no |
 | default\_network\_acl\_tags | Additional tags for the Default Network ACL | `map(string)` | `{}` | no |
-| default\_security\_group\_egress | List of maps of egress rules to set on the default security group | `list(map(string))` | <pre>[<br>  {<br>    "cidr_blocks": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "to_port": 0<br>  }<br>]</pre> | no |
-| default\_security\_group\_ingress | List of maps of ingress rules to set on the default security group | `list(map(string))` | <pre>[<br>  {<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "self": true,<br>    "to_port": 0<br>  }<br>]</pre> | no |
-| default\_security\_group\_name | Name to be used on the default security group | `string` | `""` | no |
+| default\_security\_group\_egress | List of maps of egress rules to set on the default security group | `list(map(string))` | `null` | no |
+| default\_security\_group\_ingress | List of maps of ingress rules to set on the default security group | `list(map(string))` | `null` | no |
+| default\_security\_group\_name | Name to be used on the default security group | `string` | `"default"` | no |
 | default\_security\_group\_tags | Additional tags for the default security group | `map(string)` | `{}` | no |
 | default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | `bool` | `false` | no |
 | default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
@@ -57,7 +57,7 @@ resource "aws_vpc_ipv4_cidr_block_association" "this" {
 resource "aws_default_security_group" "this" {
   count = var.create_vpc && var.manage_default_security_group ? 1 : 0
 
-  vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
+  vpc_id = aws_vpc.this[0].id
 
   dynamic "ingress" {
     for_each = var.default_security_group_ingress
diff --git a/variables.tf b/variables.tf
@@ -2268,21 +2268,13 @@ variable "manage_default_security_group" {
 variable "default_security_group_name" {
   description = "Name to be used on the default security group"
   type        = string
-  default     = ""
+  default     = "default"
 }
 
 variable "default_security_group_ingress" {
   description = "List of maps of ingress rules to set on the default security group"
   type        = list(map(string))
-
-  default = [
-    {
-      self      = true
-      from_port = 0
-      to_port   = 0
-      protocol  = "-1"
-    }
-  ]
+  default     = null
 }
 
 variable "enable_flow_log" {
@@ -2294,15 +2286,7 @@ variable "enable_flow_log" {
 variable "default_security_group_egress" {
   description = "List of maps of egress rules to set on the default security group"
   type        = list(map(string))
-
-  default = [
-    {
-      cidr_blocks = "0.0.0.0/0"
-      from_port   = 0
-      to_port     = 0
-      protocol    = "-1"
-    }
-  ]
+  default     = null
 }
 
 variable "default_security_group_tags" {
