feat: Add security_group_use_name_prefix variable to endpoint module

chris3ware · chris3ware · commit b0b5a6b6b67b · 2025-08-12T10:58:20.000+01:00
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -93,7 +93,7 @@ module "vpc_endpoints" {
   vpc_id = module.vpc.vpc_id
 
   create_security_group      = true
-  security_group_name_prefix = "${local.name}-vpc-endpoints-"
+  security_group_name        = "${local.name}-vpc-endpoints"
   security_group_description = "VPC endpoint security group"
   security_group_rules = {
     ingress_https = {
@@ -102,6 +102,10 @@ module "vpc_endpoints" {
     }
   }
 
+  security_group_tags = {
+    Name = "example-name-override"
+  }
+
   endpoints = {
     s3 = {
       service             = "s3"
diff --git a/modules/vpc-endpoints/README.md b/modules/vpc-endpoints/README.md
@@ -98,9 +98,9 @@ No modules.
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | Description of the security group created | `string` | `null` | no |
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | Name to use on security group created. Conflicts with `security_group_name_prefix` | `string` | `null` | no |
-| <a name="input_security_group_name_prefix"></a> [security\_group\_name\_prefix](#input\_security\_group\_name\_prefix) | Name prefix to use on security group created. Conflicts with `security_group_name` | `string` | `null` | no |
 | <a name="input_security_group_rules"></a> [security\_group\_rules](#input\_security\_group\_rules) | Security group rules to add to the security group created | `any` | `{}` | no |
 | <a name="input_security_group_tags"></a> [security\_group\_tags](#input\_security\_group\_tags) | A map of additional tags to add to the security group created | `map(string)` | `{}` | no |
+| <a name="input_security_group_use_name_prefix"></a> [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Determines whether the security group name (`var.security_group_name`) is used as a prefix | `bool` | `true` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | Default subnets IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no |
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting VPC endpoint resources | `map(string)` | `{}` | no |
diff --git a/modules/vpc-endpoints/main.tf b/modules/vpc-endpoints/main.tf
@@ -5,7 +5,8 @@
 locals {
   endpoints = { for k, v in var.endpoints : k => v if var.create && try(v.create, true) }
 
-  security_group_ids = var.create && var.create_security_group ? concat(var.security_group_ids, [aws_security_group.this[0].id]) : var.security_group_ids
+  security_group_ids  = var.create && var.create_security_group ? concat(var.security_group_ids, [aws_security_group.this[0].id]) : var.security_group_ids
+  security_group_name = try(coalesce(var.security_group_name), "")
 }
 
 data "aws_vpc_endpoint_service" "this" {
@@ -76,16 +77,12 @@ resource "aws_vpc_endpoint" "this" {
 resource "aws_security_group" "this" {
   count = var.create && var.create_security_group ? 1 : 0
 
-  name        = var.security_group_name
-  name_prefix = var.security_group_name_prefix
+  name        = var.security_group_use_name_prefix ? null : local.security_group_name
+  name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
   description = var.security_group_description
   vpc_id      = var.vpc_id
 
-  tags = merge(
-    var.tags,
-    var.security_group_tags,
-    { "Name" = try(coalesce(var.security_group_name, var.security_group_name_prefix), "") },
-  )
+  tags = merge(var.tags, { Name = local.security_group_name }, var.security_group_tags, )
 
   lifecycle {
     create_before_destroy = true
diff --git a/modules/vpc-endpoints/variables.tf b/modules/vpc-endpoints/variables.tf
@@ -56,10 +56,10 @@ variable "security_group_name" {
   default     = null
 }
 
-variable "security_group_name_prefix" {
-  description = "Name prefix to use on security group created. Conflicts with `security_group_name`"
-  type        = string
-  default     = null
+variable "security_group_use_name_prefix" {
+  description = "Determines whether the security group name (`var.security_group_name`) is used as a prefix"
+  type        = bool
+  default     = true
 }
 
 variable "security_group_description" {

Original file line number	Diff line number	Diff line change
`@@ -56,10 +56,10 @@ variable "security_group_name" {`
`56`	`56`	`default = null`
`57`	`57`	`}`
`58`	`58`
`59`		`-variable "security_group_name_prefix" {`
`60`		- description = "Name prefix to use on security group created. Conflicts with `security_group_name`"
`61`		`- type = string`
`62`		`- default = null`
	`59`	`+variable "security_group_use_name_prefix" {`
	`60`	+ description = "Determines whether the security group name (`var.security_group_name`) is used as a prefix"
	`61`	`+ type = bool`
	`62`	`+ default = true`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`variable "security_group_description" {`