
Comments (10)

antonbabenko commented on August 17, 2024

Hi guys!

Sorry that I have not been responding for the last few days, but I have just arrived back from HashiConf and am going to review and merge several outstanding PRs in several community modules on Monday (25th of September).

@tehlers320 @epetrovich @tfhartmann @jasiek @joestump @hakamadare
@zimbatm @robinbowes @gstlt @ozbillwang and many others - I am planning to share some thoughts regarding the future of projects inside the terraform-community-modules GitHub organization during this week. Meanwhile, let's keep pushing PRs as is, and we will migrate them to the new repositories as soon as certain standards are met.

from tf_aws_sg.

zimbatm commented on August 17, 2024

@antonbabenko thanks, just a heads up; that link is giving me a 404


antonbabenko commented on August 17, 2024

Very good point. As usual, pull requests are more than welcome. :)


epetrovich commented on August 17, 2024

@antonbabenko Because of the changed description, Terraform wants to recreate all security groups and recalculate SG IDs for a bunch of production boxes. How can I avoid that if I'm fully integrated with community modules?


epetrovich commented on August 17, 2024

Please remove that hardcoded value and I'll put "Security Group ..." in myself to keep the working infrastructure without changes.

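A pre-apply check for the situation described in the two comments above, as an added example that is not part of the original thread: it reads a plan in the JSON form printed by `terraform show -json` (Terraform 0.12 or later, newer than the versions discussed here) and reports every `aws_security_group` that would be destroyed and recreated, with the attributes that differ. The sample plan, resource addresses and description strings are constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# addresses, names and descriptions are made up for illustration.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.sg_consul.aws_security_group.main_security_group",
     "type": "aws_security_group",
     "change": {"actions": ["delete", "create"],
                "before": {"name": "consul", "description": "Consul servers"},
                "after": {"name": "consul", "description": "Security Group consul"}}},
    {"address": "module.sg_web.aws_security_group.main_security_group",
     "type": "aws_security_group",
     "change": {"actions": ["no-op"],
                "before": {"name": "web", "description": "Web SG"},
                "after": {"name": "web", "description": "Web SG"}}},
    {"address": "aws_instance.app", "type": "aws_instance",
     "change": {"actions": ["update"],
                "before": {"monitoring": False}, "after": {"monitoring": True}}},
]})


def replaced_security_groups(plan_json):
    """Return findings for security groups the plan would destroy and recreate."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        change = rc.get("change", {})
        # A replacement carries both "delete" and "create" on one resource.
        if not {"delete", "create"} <= set(change.get("actions", [])):
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        # Attributes whose planned value differs from the current one
        # (computed attributes missing from "after" are listed too).
        changed = sorted(k for k in set(before) | set(after)
                         if before.get(k) != after.get(k))
        findings.append({"address": rc["address"], "changed": changed})
    return findings


def gate(plan_json):
    """Exit-code style result for CI: 1 if any security group would be replaced."""
    return 1 if replaced_security_groups(plan_json) else 0


if __name__ == "__main__":
    for f in replaced_security_groups(SAMPLE_PLAN):
        print(f"REPLACE {f['address']}: changed {', '.join(f['changed'])}")
    raise SystemExit(gate(SAMPLE_PLAN))
```

A finding whose only changed attribute is `description` is the case raised here: the new group gets a new ID, so every reference to the old ID has to be re-pointed.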

tehlers320 commented on August 17, 2024

Sorry @epetrovich, I haven't gotten around to giving a merge yet. You could do this while you wait.

module "sg_consul" {
  # the //sg_consul subdirectory goes before ?ref=; keep your other arguments as they are
  source = "github.com/terraform-community-modules/tf_aws_sg//sg_consul?ref=v0.1.18"
}

@antonbabenko any word on what will happen to this project now that HashiCorp has a modules registry? (introduced in 0.10.6)

https://registry.terraform.io/

I'll try and do the proposed PR this weekend.


tfhartmann commented on August 17, 2024


antonbabenko commented on August 17, 2024

Here is the blog post about the new registry - https://medium.com/@anton.babenko/welcome-to-terraform-registry-d0192565783d


antonbabenko commented on August 17, 2024

Back to the current issue opened by @tehlers320. While I was flying last week (16 hours) I was working on a version of this module which will be published to the registry, and I need about one day of work to finish it.

Key features are:

  1. No code duplication (currently we have almost the same code in each folder)
  2. A map of ports is defined as a local variable in a single place in the module
  3. Support for named security groups (like http, ssh, mysql, etc.)
  4. Possibility to customize ports, CIDR blocks, IPv6 blocks among other things for any ingress/egress rule

The syntax will look like this (you can imagine that all list arguments are optional, of course):

module "custom_sg" {
  source = "../../modules/sg"

  name        = "sg name"
  description = "sg description"

  vpc_id = "vpc-12345678"

  # open for all:
  ingress_rules = ["http", "mysql"]

  # open to cidr_blocks
  ingress_rules_with_cidr_blocks = [
    {
      rule = "http"
    },
    {
      rule        = "mysql"
      cidr_blocks = "0.0.0.0/0,2.2.2.2/32"
    },
    {
      rule        = "http"
      cidr_blocks = "0.0.0.0/0"
    },
  ]

  # open for security group id:
  ingress_rules_with_source_security_group_id = [
    {
      rule                     = "http"
      source_security_group_id = "sg-12345678"
    },
    {
      rule                     = "mysql"
      source_security_group_id = "sg-12345678"
    },
  ]

  # open for self as a source security group id:
  //  ingress_rules_with_self_security_group_id = [
  //    {
  //      rule = "mysql"
  //    },
  //  ]

  # open custom ports for custom sources
  ingress_ports = [
    {
      from_port                = 10
      to_port                  = 10
      protocol                 = "tcp"
      source_security_group_id = "sg-12345678"
    },
    {
      from_port                = 20
      to_port                  = 30
      protocol                 = "tcp"
      source_security_group_id = "sg-12345678"
    },
    {
      from_port = 30
      to_port   = 40
      protocol  = "tcp"
      self      = true
    },
  ]
}

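An added example (not the module's code and not part of the original comment) of how named rules like those above expand from a single port map, used here to list which rules end up open to 0.0.0.0/0. The port map, the `PUBLIC_OK` policy set and the fallback for an omitted `cidr_blocks` are assumptions; the input is constructed from the arguments shown in the comment.

```python
# Assumed port map (standard service ports); the module's real map may differ.
RULES = {"http": (80, 80, "tcp"), "ssh": (22, 22, "tcp"), "mysql": (3306, 3306, "tcp")}
WORLD = "0.0.0.0/0"
PUBLIC_OK = {"http"}  # assumed policy: only these named rules may face the internet

# Constructed input mirroring the arguments in the comment above.
MODULE_ARGS = {
    "ingress_rules": ["http", "mysql"],
    "ingress_rules_with_cidr_blocks": [
        {"rule": "http"},
        {"rule": "mysql", "cidr_blocks": "0.0.0.0/0,2.2.2.2/32"},
        {"rule": "http", "cidr_blocks": "0.0.0.0/0"},
    ],
    "ingress_rules_with_source_security_group_id": [
        {"rule": "mysql", "source_security_group_id": "sg-12345678"},
    ],
}


def expand(args):
    """Flatten named rules into (rule, from_port, to_port, protocol, source) tuples."""
    out = []
    for name in args.get("ingress_rules", []):
        out.append((name, *RULES[name], WORLD))  # "open for all"
    for item in args.get("ingress_rules_with_cidr_blocks", []):
        # Assumption: an omitted cidr_blocks falls back to 0.0.0.0/0.
        for cidr in item.get("cidr_blocks", WORLD).split(","):
            out.append((item["rule"], *RULES[item["rule"]], cidr.strip()))
    for item in args.get("ingress_rules_with_source_security_group_id", []):
        out.append((item["rule"], *RULES[item["rule"]], item["source_security_group_id"]))
    return out


def world_open(args):
    """Named rules outside PUBLIC_OK that end up reachable from 0.0.0.0/0."""
    return sorted({(rule, lo, hi) for rule, lo, hi, _proto, src in expand(args)
                   if src == WORLD and rule not in PUBLIC_OK})


if __name__ == "__main__":
    for rule, lo, hi in world_open(MODULE_ARGS):
        print(f"{rule} ({lo}-{hi}/tcp) is open to {WORLD}")
```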

antonbabenko commented on August 17, 2024

https://github.com/terraform-aws-modules/terraform-aws-security-group - this is the new module, which covers everything from before + something more. If you need help - open an issue there and I will be glad to assist.

I feel that documentation there can still be better, so let's make it together :)
