From a50014b9ff966c31e49727fc42b4a9ee2ac0a37c Mon Sep 17 00:00:00 2001
From: chris3ware <36608309+chris3ware@users.noreply.github.com>
Date: Tue, 12 Aug 2025 11:28:22 +0100
Subject: [PATCH] fix: Change security group tags merge precedence in
 vpc-endpoints module

---
 examples/complete/main.tf     | 4 ++++
 modules/vpc-endpoints/main.tf | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 0ac5553e..7e39c31e 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -102,6 +102,10 @@ module "vpc_endpoints" {
     }
   }
 
+  security_group_tags = {
+    Name = "example-name-override"
+  }
+
   endpoints = {
     s3 = {
       service             = "s3"
diff --git a/modules/vpc-endpoints/main.tf b/modules/vpc-endpoints/main.tf
index 5e2d105b..344e087c 100644
--- a/modules/vpc-endpoints/main.tf
+++ b/modules/vpc-endpoints/main.tf
@@ -83,8 +83,8 @@ resource "aws_security_group" "this" {
 
   tags = merge(
     var.tags,
-    var.security_group_tags,
     { "Name" = try(coalesce(var.security_group_name, var.security_group_name_prefix), "") },
+    var.security_group_tags
   )
 
   lifecycle {