
feat!: create security group outside the module #382

Merged (1 commit), Jan 22, 2025

Conversation

kayman-mk
Member

@kayman-mk kayman-mk commented Jan 21, 2025

Description

Roles are typically interconnected. So it is better to create the role outside the module and import its name.

Usually security groups are related to each other and it is better to create them outside a module in a central place. Therefore we no longer create the security group inside the module.

Migrations required

Create the security group and IAM role outside the module and pass the values.

resource "aws_security_group" "this" {
  vpc_id = module.vpc.vpc_id

  name        = "bastion-host"
  description = "Securing the bastion host"
}

resource "aws_iam_role" "access_bastion" {
  name        = "connect-bastion"
  description = "Role used to connect to the bastion instance."

  # Trust policy: only the bastion IAM user may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect    = "Allow",
        Action    = "sts:AssumeRole",
        Principal = { "AWS" : module.bastion_user.iam_user_arn }
      }
    ]
  })
}

module "bastion_host" {
  # other stuff here …
  connect_bastion_role_name = aws_iam_role.access_bastion.name

  security_group_id = aws_security_group.this.id
}
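As an added illustration (not code from the PR or the module itself), this shows the interconnection the description refers to: the bastion's security group is defined centrally next to an application security group that admits SSH only from it, and the module receives the bastion group's id. The `module.vpc` reference, the `app` group, and port 22 are assumptions.

```hcl
# Added example: interconnected security groups defined centrally, outside
# the module. module.vpc, the "app" group and port 22 are assumed.

resource "aws_security_group" "bastion" {
  vpc_id      = module.vpc.vpc_id
  name        = "bastion-host"
  description = "Securing the bastion host"
}

resource "aws_security_group" "app" {
  vpc_id      = module.vpc.vpc_id
  name        = "app-servers"
  description = "Application instances reachable only through the bastion"
}

# The bastion may only open SSH towards the app group; no 0.0.0.0/0 egress.
resource "aws_vpc_security_group_egress_rule" "bastion_to_app" {
  security_group_id            = aws_security_group.bastion.id
  referenced_security_group_id = aws_security_group.app.id
  ip_protocol                  = "tcp"
  from_port                    = 22
  to_port                      = 22
}

# The app group admits SSH only from the bastion group. Referencing the
# group id instead of a CIDR keeps the rule correct when bastion IPs change.
resource "aws_vpc_security_group_ingress_rule" "app_from_bastion" {
  security_group_id            = aws_security_group.app.id
  referenced_security_group_id = aws_security_group.bastion.id
  ip_protocol                  = "tcp"
  from_port                    = 22
  to_port                      = 22
}

module "bastion_host" {
  # source, connect_bastion_role_name and other inputs as in the migration note
  security_group_id = aws_security_group.bastion.id
}
```

Because both groups live in the root module, the cross-references above are plain resource attributes rather than values that would have to be exported from, and re-imported into, the module.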

Contributor

Hey @kayman-mk! 👋

Thank you for your contribution to the project. Please refer to the
contribution rules for a quick overview of the process.

Make sure that this PR clearly explains:

  • the problem being solved
  • the best way a reviewer and you can test your changes

By submitting this PR you confirm that you hold the rights of the code added and agree that it will
be published under this LICENSE.

The following ChatOps commands are supported:

  • /help: notifies a maintainer to help you out
  • /ready: marks the PR as ready for review and removes the checklist

Simply add a comment with the command in the first line. If you need to pass more information, separate it
with a blank line from the command.

This message was generated automatically. You are welcome to
improve it.

@kayman-mk kayman-mk force-pushed the kayma/security branch 2 times, most recently from 2db234a to d543e4b January 21, 2025 21:31
@kayman-mk kayman-mk marked this pull request as ready for review January 21, 2025 21:38
@kayman-mk kayman-mk requested a review from a team as a code owner January 21, 2025 21:38
@kayman-mk kayman-mk requested review from FalkoSp and kindermannlennart and removed request for FalkoSp January 21, 2025 21:38
@kayman-mk kayman-mk merged commit 29e7e8d into main Jan 22, 2025
27 checks passed
@kayman-mk kayman-mk deleted the kayma/security branch January 22, 2025 06:40
@HapagLloydTechnicalUser
Contributor

🎉 This PR is included in version 4.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
