jochem725 (Contributor) commented Oct 2, 2025

what

  • Allows passing security groups by id

why

  • The security group name is not available from the output of other components; this change provides flexibility to provide either the name or id depending on availability.

Summary by CodeRabbit

  • New Features
    • Introduced an optional configuration to specify additional security group IDs, expanding the set of allowed security groups alongside the existing name-based option.
    • Enhances flexibility for access control by allowing both name- and ID-based configuration.
    • Backward compatible: if not set, behavior remains unchanged.

coderabbitai bot commented Oct 2, 2025

Walkthrough

Extends the allowed security groups aggregation in src/main.tf to also include a new input variable. Introduces a new Terraform variable in src/variables.tf to accept explicit security group IDs, defaulting to an empty list. No other logic paths or exports are modified.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Security group aggregation logic: src/main.tf | Updates local allowed_security_groups to concatenate var.allowed_security_group_ids with data.aws_security_groups.allowed.ids and local.allowed_eks_security_groups. |
| Terraform variables: src/variables.tf | Adds variable allowed_security_group_ids (list(string), default []). |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant TF as Terraform (plan/apply)
  participant Vars as Variables
  participant Data as data.aws_security_groups.allowed
  participant Loc as local.allowed_security_groups
  participant Res as Resources/Modules

  Dev->>TF: Run plan/apply
  TF->>Vars: Read var.allowed_security_group_ids
  TF->>Data: Resolve allowed security groups by name
  TF->>Loc: Concatenate IDs (var + data + EKS locals)
  Loc-->>Res: Provide allowed_security_groups
  Res-->>Dev: Apply with expanded allowed SGs

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I nudged my paws through Terraform lines,
Added IDs to the burrow’s signs;
Names and numbers now hop in sync,
A wider ring around our link.
With groups allowed, I thump with glee—
More tunnels safe for you and me. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title clearly describes the primary feature introduced in this PR: passing allowed security groups by ID. It is concise and specific, avoiding vague language or unnecessary details. A reviewer scanning the change history will immediately understand the main enhancement being delivered. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |
@mergify mergify bot requested review from a team October 2, 2025 11:26
@mergify mergify bot added the triage Needs triage label Oct 2, 2025
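
The aggregation described in the walkthrough above, written out as an added example; it is not the component's own code and the diff itself is not shown on this page. The `validation` block, the `distinct()` call, the stand-in locals and the sample IDs are assumptions made here so that the snippet plans without an AWS provider.

```hcl
# Added example, not taken from src/main.tf or src/variables.tf.
# Names from the walkthrough: allowed_security_group_ids,
# data.aws_security_groups.allowed.ids, local.allowed_eks_security_groups.

variable "allowed_security_group_ids" {
  type        = list(string)
  default     = []
  description = "Security group IDs allowed ingress, in addition to groups matched by name."

  # Assumption: IDs passed directly are never resolved through a data source,
  # so reject malformed entries at plan time instead of at apply time.
  validation {
    condition = alltrue([
      for id in var.allowed_security_group_ids :
      can(regex("^sg-([0-9a-f]{8}|[0-9a-f]{17})$", id))
    ])
    error_message = "Each entry must be a security group ID such as sg-0123456789abcdef0."
  }
}

locals {
  # Constructed stand-in for data.aws_security_groups.allowed.ids
  # (groups looked up by name in the real component).
  ids_resolved_by_name = ["sg-0123456789abcdef0"]

  # Constructed stand-in for the component's EKS-derived list.
  allowed_eks_security_groups = ["sg-0fedcba9876543210"]

  # Same three sources the walkthrough lists. distinct() is an addition here:
  # a group supplied both by name and by ID then yields a single entry.
  allowed_security_groups = distinct(concat(
    var.allowed_security_group_ids,
    local.ids_resolved_by_name,
    local.allowed_eks_security_groups,
  ))
}

# Lets a reviewer see the effective allow-list in the plan output.
output "allowed_security_groups" {
  value = local.allowed_security_groups
}
```

With the default `[]` the output contains only the two stand-in IDs, matching the backward-compatible behaviour stated in the summary; a value such as `["default"]` fails the validation during `terraform plan`.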
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 04b15f8 and 8bb6fed.

📒 Files selected for processing (2)
  • src/main.tf (1 hunks)
  • src/variables.tf (1 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
src/@(main|variables|outputs|providers|versions|context).tf

📄 CodeRabbit inference engine (AGENTS.md)

Keep the Terraform component source of truth under src/ with canonical files: main.tf, variables.tf, outputs.tf, providers.tf, versions.tf, context.tf

Files:

  • src/main.tf
  • src/variables.tf
src/**/*.tf

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.tf: Terraform code must be formatted (terraform fmt -recursive) and free of lint violations (TFLint rules)
Use lower_snake_case for Terraform variables and locals; keep resource and data source names descriptive and aligned with Cloud Posse null-label patterns
Use 2-space indentation for Terraform files

Files:

  • src/main.tf
  • src/variables.tf
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Summary

@mergify mergify bot removed the triage Needs triage label Oct 5, 2025
mergify bot commented Oct 5, 2025

Thanks @jochem725 for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

Tip

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

@goruha goruha added this pull request to the merge queue Oct 9, 2025
Merged via the queue into cloudposse-terraform-components:main with commit 7fa6f99 Oct 9, 2025
14 checks passed
github-actions bot commented Oct 9, 2025

These changes were released in v1.540.1.