Optional or no egress rule in default security group #117

@wilkej

Description

Describe the Feature

In our pipeline for Terraform we also run tf_sec, which flags an outbound SG rule with protocol -1 and CIDR block 0.0.0.0/0.

An RDS security group doesn't need an outbound rule, as SGs are stateful; therefore all requests will be answered and the DB itself will not initiate a connection.

Use Case

Use the module and check it with tf_sec without findings.

Describe Ideal Solution

  1. It would be ideal if it were possible to decide whether the outbound / egress rule shall be created,
  2. or optionally define the CIDR blocks, ports and protocols for the rule.

Alternatives Considered

Explain what alternative solutions or features you've considered.

Additional Context

Relates to this resource:

resource "aws_security_group_rule" "egress" {
  count             = module.this.enabled ? 1 : 0
  description       = "Allow all egress traffic"
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = join("", aws_security_group.default.*.id)
}
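The following is an added example, not code from this issue or from the module itself, showing one way the two requested options could be expressed in Terraform: a boolean that decides whether the egress rule is created at all, and a list of rule definitions so callers can narrow the CIDR blocks, ports and protocol instead of accepting the all-traffic default. The variable names (egress_enabled, egress_rules) and the rule-object shape are assumptions chosen for illustration; only module.this.enabled and aws_security_group.default come from the resource quoted above. Because security groups are stateful, return traffic for accepted inbound connections is still allowed when no egress rule exists, so the database stays reachable with egress_enabled = false.

```hcl
# Assumed variable: set to false to create no egress rule at all.
# With no egress rule the SG denies all outbound traffic the DB would
# initiate, while replies to inbound connections still pass (stateful).
variable "egress_enabled" {
  type        = bool
  description = "Whether to create any egress rule on the default security group"
  default     = true
}

# Assumed variable: explicit egress rules. The default reproduces the
# module's current behaviour (all protocols, all destinations), which is
# the setting tf_sec flags; callers can replace it with narrower rules.
variable "egress_rules" {
  type = list(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
  description = "Egress rules to create when egress_enabled is true"
  default = [
    {
      description = "Allow all egress traffic"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
    }
  ]
}

locals {
  # Build the rule set only when the module and egress are both enabled;
  # an empty map yields zero aws_security_group_rule resources.
  egress_rules = module.this.enabled && var.egress_enabled ? {
    for idx, rule in var.egress_rules : tostring(idx) => rule
  } : {}
}

resource "aws_security_group_rule" "egress" {
  for_each          = local.egress_rules
  description       = each.value.description
  type              = "egress"
  from_port         = each.value.from_port
  to_port           = each.value.to_port
  protocol          = each.value.protocol
  cidr_blocks       = each.value.cidr_blocks
  security_group_id = join("", aws_security_group.default.*.id)
}
```

A caller wanting the strict variant would pass egress_enabled = false; a caller that needs, for example, outbound HTTPS to a single subnet would keep egress_enabled = true and set egress_rules to one entry with from_port = 443, to_port = 443, protocol = "tcp" and the specific CIDR, which is a rule tf_sec's open-egress check would not flag. Both shapes are expressible without changing the security_group_id wiring the module already uses.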
