feature: Add security group as input #67
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Terraform Format and Style 🖌
|
fatbasstard
force-pushed
the
fvb/securitygroup-refactor
branch
from
5324407 to
366b8b5
Compare
fatbasstard
force-pushed
the
fvb/securitygroup-refactor
branch
from
af3b2ba to
60ecab4
Compare
stefanwb
previously requested changes
Dec 17, 2023
There was a problem hiding this comment.
Hi! In the current state of the PR if you specify both a security_group_id and security_group_egress_rules TF will fail on resource "aws_vpc_security_group_egress_rule" "default".
Also the variable security_group_name_prefix should not be set when security_group_id is set.
Could you add validation to security_group_id and check if security_group_egress_rules or security_group_name_prefix are set?
fatbasstard
force-pushed
the
fvb/securitygroup-refactor
branch
2 times, most recently
from
a8bc5db to
8ab1e0f
Compare
fatbasstard
force-pushed
the
fvb/securitygroup-refactor
branch
from
0e1656b to
46710ed
Compare
fatbasstard
force-pushed
the
fvb/securitygroup-refactor
branch
from
74a9e58 to
0784ae5
Compare
fatbasstard
force-pushed
the
fvb/securitygroup-refactor
branch
from
a3898c1 to
50719e0
Compare
stefanwb
approved these changes
Mar 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the capability to pass a security group instead always creating one with the Lambda itself.
Reasoning
Currently, for every Lambda it's own security group is created (when running in a VPC), with just a simple Egress. Downside it that this can cause limits being hit:
AWS is not happy with updating these limits BTW...
The change
By allowing to pass along the security group, it's possible to reuse SG's (e.g. between similar Lambda's) and prevent the limitation issue.
Update
Passing a single SG as a string causes new deployments (where the SG and the Lambda are deployed in the same TF run) to break ("unable to determine..." thing).
Changed into an array (which is the actual settings of a Lambda) so we can use
lengthwhich works for Terraform.Kept the "old" output to return the generated ID, added a new for all the ID's.
With this it's fully backwards compatible and just adds a feature (to pass your own SG's)