TeliaSoneraNorge · lukaspour · Jun 5, 2018 · Jun 6, 2018 · Jun 6, 2018 · Jun 6, 2018
diff --git a/rds-instance-full/main.tf b/rds-instance-full/main.tf
@@ -40,6 +40,29 @@ module "rds_security_group" {
   ingress_rules       = ["${var.ingress_rule}"]
 }
 
+module "custom_security_group" {
+  source = "terraform-aws-modules/security-group/aws"
+
+  create = "${var.custom_sg_id == "" ? 0 : 1 }"
+
+  name        = "${local.identifier}-rds-custom"
+  description = "Security group with RDS ports open for a custom security group"
+  vpc_id      = "${data.terraform_remote_state.vpc.vpc_id}"
+
+  ingress_cidr_blocks = ["${data.terraform_remote_state.vpc.vpc_cidr_block}"]
+
+  ingress_with_source_security_group_id = [
+    {
+      rule                     = "${var.ingress_rule}"
+      source_security_group_id = "${var.custom_sg_id}"
+    },
+  ]
+}
+
+locals {
+  security_group_id = "${coalesce(join("", module.custom_security_group.*.security_group_id), module.rds_security_group.this_security_group_id)}"
+}
+
 data "aws_db_snapshot" "manual" {
   count = "${var.manual_db_snapshot_identifier == "" ? 0 : 1}"
 
@@ -71,7 +94,7 @@ module "rds" {
 
   snapshot_identifier = "${join("", data.aws_db_snapshot.manual.*.db_snapshot_arn)}"
 
-  vpc_security_group_ids  = ["${module.rds_security_group.this_security_group_id}"]
+  vpc_security_group_ids  = ["${local.security_group_id}"]
   maintenance_window      = "${var.maintenance_window}"
   backup_window           = "${var.backup_window}"
   backup_retention_period = "${var.backup_retention_period}"

diff --git a/rds-instance-full/variables.tf b/rds-instance-full/variables.tf
@@ -87,3 +87,8 @@ variable "license_model" {
   description = "License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1"
   default     = ""
 }
+
+variable "custom_sg_id" {
+  description = "Custom security group id which should be allowed to have access to this RDS instance"
+  default     = ""
+}