Module/single-port-sg: Support source_security_group

[Magicloud]

---

name: Pull request template
about: Make a PR to terraform-aws-foundation

Please include the following in your PR:

Please also note that these are not hard requirements, but merely serve to define
what maintainers are looking for in PR's. Including these will more likely lead
to your PR being reviewed and accepted.

• Update the changelog
• Make sure that modules and files are documented. This can be done inside the module and files.
• Make sure that new modules directories contain a basic README.md file.
• Make sure that the module is added to tests/main.tf
• Make sure that the linting passes on CI.
• Make sure that there is an up to date example for your code:
  - For new modules this would entail example code for how to use the module or some explanation in the module readme.
  - For new examples please provide a README explaining how to run the example. It's also ideal to provide a basic makefile to use the example as well.
• Make sure that there is a manual CI trigger that can test the deployment.

[mcgirr]

Is there a way to use this without a targeted apply? I'm running into this situation that I think is stemming from the changes in the PR:

count                    = local.udp * local.by_src_sg

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.

[Magicloud]

Is there a way to use this without a targeted apply? I'm running into this situation that I think is stemming from the changes in the PR:

count                    = local.udp * local.by_src_sg

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.

I feel like this is a dep issue. I got this while destroying resources again. The source SG was gone (and this rule), but TF says it cannot calculate the count.

The reason I do it this way is that, source_security_group and cidr_blocks cannot be set at the same time, even one is an empty value.

@ketzacoatl Do you have any better idea? If not, I'd have to cancel this change.

[ketzacoatl]

Overall, this LGTM, I'd just like to separate the "enable" logic to locals so that is more obvious and harder to make a bug in the future.

[ketzacoatl]

@Magicloud please update the above, TY!

[Magicloud]

Updated new design. Tested in PR #304.

[ketzacoatl]

As a separate module, this LGTM!

cc @mcgirr / @Magicloud do we have any branch references to update?