allowed_security_groups not working as intended #80

Open
major0 opened this issue Dec 12, 2023 · 2 comments
Labels
bug 🐛 An issue with the system

Comments

@major0

major0 commented Dec 12, 2023

Describe the Bug

The allowed_security_groups does not allow passing an SG to allow specific traffic from specific IPs. E.g. for dev testing in a dev environment.

The problem is that the allowed_security_group IDs are being attached as a source for the default security group, which makes little to no sense. These IDs should be passed to aws_docdb_cluster directly:

E.g.

  vpc_security_group_ids          = concat([join("", aws_security_group.default[*].id)], var.allowed_security_groups)

Expected Behavior

I expect that, should I pass an allowed_security_group ID, the rules in that security group would be applied.

Steps to Reproduce

Simply pass a security group that allows ingress from an IP range and test; it won't work.

Screenshots

No response

Environment

No response

Additional Context

No response

@major0 major0 added the bug 🐛 An issue with the system label Dec 12, 2023
@kevcube
Contributor

kevcube commented Dec 12, 2023

@major0 this flag is working as intended. The list that is passed in is a list of security groups that will be allowed into the documentDB's created security group.

It sounds like what you are looking for is a parameter to specify external_security_group_id_list like what was added in #69. Unfortunately this merge didn't trigger an auto-release, still not sure why, so please reference the latest commit as your module version to test it out. If it's what you need I can look into manually creating a release including it.

If what you're looking for is something different, then I'd be happy to review a contribution which adds it.
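
The two behaviours discussed in this thread, side by side, as an added Terraform example that is not the module's own code: a security group used as an ingress *source* versus a security group *attached* to the cluster. Resource names, variables, the username and the CIDR are hypothetical; 27017 is the DocumentDB default port.

```hcl
# Added illustration. Names, variables and the CIDR are constructed,
# not taken from the module's source.
variable "vpc_id" { type = string }
variable "master_password" {
  type      = string
  sensitive = true
}

# Security group owned by the cluster (the one the module creates itself).
resource "aws_security_group" "docdb" {
  name_prefix = "docdb-"
  vpc_id      = var.vpc_id
}

# Security group worn by client instances.
resource "aws_security_group" "app" {
  name_prefix = "app-"
  vpc_id      = var.vpc_id
}

# Behaviour 1, "allowed" semantics: the app SG is a traffic source.
# Only resources that are members of app may reach the cluster.
# Ingress rules defined inside app (e.g. CIDR ranges) are never
# evaluated for traffic arriving at the cluster.
resource "aws_security_group_rule" "from_app" {
  type                     = "ingress"
  security_group_id        = aws_security_group.docdb.id
  source_security_group_id = aws_security_group.app.id
  from_port                = 27017
  to_port                  = 27017
  protocol                 = "tcp"
}

# Behaviour 2, "external" semantics: an extra SG attached to the cluster,
# so its own ingress rules apply to the cluster's network interfaces.
resource "aws_security_group" "dev_cidr" {
  name_prefix = "docdb-dev-"
  vpc_id      = var.vpc_id
  ingress {
    from_port   = 27017
    to_port     = 27017
    protocol    = "tcp"
    cidr_blocks = ["10.20.0.0/24"] # constructed dev range; keep it narrow
  }
}

resource "aws_docdb_cluster" "this" {
  cluster_identifier     = "example"
  master_username        = "docdbadmin"
  master_password        = var.master_password
  vpc_security_group_ids = [aws_security_group.docdb.id, aws_security_group.dev_cidr.id]
}
```

Rules across all attached security groups are additive, so every group in `vpc_security_group_ids` widens what can reach the cluster and should be reviewed as part of its exposure.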

@RamazanBiyik77

A similar thing happened to me. I created a security group and gave it as a dependency to that module. Unfortunately, it doesn't pick the SG that I gave. It picked the SG that was created automatically. I tried to change the SG manually. When I applied it again, it takes the auto-created SG again. So I used external_security_group_id_list. That solved my problem. However, 2 security groups were added to my cluster. The auto-created SG has no inbound rules, so it doesn't change anything.
1-) Auto created sg
2-) My sg
