<% security_groups.each do |security_group| -%> resource "aws_security_group" "<%= module_name_of(security_group) %>" { name = "<%= security_group.group_name %>" description = "<%= security_group.description %>" vpc_id = "<%= security_group.vpc_id || '' %>" <% dedup_permissions(security_group.ip_permissions, security_group.group_id).each do |permission| -%> <%- security_groups = security_groups_in(permission).reject { |group_id| group_id == security_group.group_id } -%> ingress { from_port = <%= permission.from_port || 0 %> to_port = <%= permission.to_port || 0 %> protocol = "<%= permission.ip_protocol %>" <%- if permission.ip_ranges.length > 0 -%> cidr_blocks = <%= permission.ip_ranges.map { |range| range.cidr_ip }.inspect %> <%- end -%> <%- if permission.user_id_group_pairs.length > 0 -%> <%- self_referenced = self_referenced_permission?(security_group, permission) -%> <%- unless self_referenced -%> security_groups = <%= security_groups.inspect %> <%- end -%> self = <%= self_referenced %> <%- end -%> } <% end -%> <% dedup_permissions(security_group.ip_permissions_egress, security_group.group_id).each do |permission| -%> egress { from_port = <%= permission.from_port || 0 %> to_port = <%= permission.to_port || 0 %> protocol = "<%= permission.ip_protocol %>" <%- if permission.ip_ranges.length > 0 -%> cidr_blocks = <%= permission.ip_ranges.map { |range| range.cidr_ip }.inspect %> <%- end -%> <%- if permission.user_id_group_pairs.length > 0 -%> <%- self_referenced = self_referenced_permission?(security_group, permission) -%> <%- unless self_referenced -%> security_groups = <%= security_groups_in(permission).inspect %> <%- end -%> self = <%= self_referenced %> <%- end -%> } <% end -%> <% if security_group.tags.length > 0 -%> tags { <% security_group.tags.each do |tag| -%> "<%= tag.key %>" = "<%= tag.value %>" <% end -%> } <% end -%> } <% end -%>