From 4ddf29f1cc92ff4dff17f948c188d908fbc0427c Mon Sep 17 00:00:00 2001
From: Stefan Wessels Beljaars
Date: Tue, 24 Oct 2023 15:18:28 +0200
Subject: [PATCH] Fixes the SG already exists error when recreating with create_before_destroy by introducing a sg_name_prefix variable that can be used to override the default behaviour where the Lambda's name is used.
Signed-off-by: Stefan Wessels Beljaars
---
 main.tf | 5 +++--
 variables.tf | 6 ++++++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index afa0127..98e62c3 100644
--- a/main.tf
+++ b/main.tf
@@ -3,11 +3,12 @@ locals {
 create_policy = var.create_policy != null ? var.create_policy : var.role_arn == null
 dead_letter_config = var.dead_letter_target_arn != null ? { create : true } : {}
 environment = var.environment != null ? { create : true } : {}
+ ephemeral_storage = var.ephemeral_storage_size != null ? { create : true } : {}
 execution_type = var.subnet_ids == null ? "Basic" : "VPCAccess"
 filename = var.filename != null ? var.filename : data.archive_file.dummy.output_path
+ sg_name_prefix = var.sg_name_prefix != null ? var.sg_name_prefix : var.name
 source_code_hash = var.source_code_hash != null ? var.source_code_hash : var.filename != null ? filebase64sha256(var.filename) : null
 tracing_config = var.tracing_config_mode != null ? { create : true } : {}
- ephemeral_storage = var.ephemeral_storage_size != null ? { create : true } : {}
 vpc_config = var.subnet_ids != null ? { create : true } : {}
 }
@@ -74,7 +75,7 @@ resource "aws_security_group" "default" {
 #checkov:skip=CKV2_AWS_5: False positive finding, the security group is attached.
 count = var.subnet_ids != null ? 1 : 0
- name = var.name
+ name_prefix = "${local.sg_name_prefix}-"
 description = "Security group for lambda ${var.name}"
 vpc_id = data.aws_subnet.selected[0].vpc_id
 tags = var.tags
diff --git a/variables.tf b/variables.tf
index 79d9bb2..37d79a1 100644
--- a/variables.tf
+++ b/variables.tf
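Review bot: In the main.tf hunk for `aws_security_group.default`, `name_prefix = "${local.sg_name_prefix}-"` replaces `name` unconditionally, so existing consumers of the module will typically see their security group replaced (new name, new group ID) on the next apply even when `sg_name_prefix` is left unset. Rules in other security groups or policies that reference the old group ID would presumably stop matching after the replacement, so this is worth flagging as a breaking change in the release notes. If keeping the exact name as the default is preferred, at the cost of the fix becoming opt-in, the attributes could be made conditional: `name = var.sg_name_prefix == null ? var.name : null` and `name_prefix = var.sg_name_prefix != null ? "${var.sg_name_prefix}-" : null`. The resource body continues outside the hunk, so whether the module itself sets `lifecycle { create_before_destroy = true }` cannot be confirmed from here.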
@@ -196,6 +196,12 @@ variable "security_group_egress_rules" {
 }
 }
+variable "sg_name_prefix" {
+ type = string
+ default = null
+ description = "Prefix that will be added to the name of the security group"
+}
+
 variable "source_code_hash" {
 type = string
 default = null
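Review bot: `sg_name_prefix` is accepted without any validation, and the local in main.tf only checks for null, so an empty string produces a group name that starts with `-`, and a value beginning with `sg-` (which AWS documents as not allowed for group names) fails only at apply time. A `validation` block with a condition such as `var.sg_name_prefix == null ? true : (length(var.sg_name_prefix) > 0 && !can(regex("^sg-", var.sg_name_prefix)))` would surface both cases at plan time. The description could also state what the value actually does, for example `"Prefix for the generated security group name; defaults to the Lambda name. A hyphen and a provider-generated unique suffix are appended."`.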