Support Descriptions for Security Group Rules #1554
Comments
It doesn't look like the Go SDK supports descriptions for ingress/egress yet: http://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#AuthorizeSecurityGroupIngressInput, http://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#AuthorizeSecurityGroupEgressInput.

Following documentation http://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#IpRange
No, you should be able to do it directly with AuthorizeSecurityGroupIngress/Egress; it's just embedded deeper into their model of IpPermissions, e.g., http://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#IpRange
I started looking into potentially implementing this, but it looks messier than I thought. @thomasbiddle's suggestion doesn't align cleanly with the AWS data model because he has the

A more "natural" way (as in, consistent with the AWS data models) of implementing this would be to have the TF look like:

```hcl
resource "aws_security_group_rule" "allow_all" {
  type      = "ingress"
  from_port = 0
  to_port   = 65535
  protocol  = "tcp"
  cidr_blocks = [
    {
      cidr        = "0.0.0.0/0"
      description = "the entire intrawebz"
    }
  ]
  prefix_list_ids = [
    {
      prefix_list = "pl-12c4e678"
      description = "what is this pl anyway?"
    }
  ]
  description       = "Description of this rule"
  security_group_id = "sg-123456"
}
```

But that's now a breaking change in the HCL for a security group rule. This could be worked around by specifying a unique

Is there a clean way to have something the elements of

Alternatively, we could have
@joelthompson IMHO the Terraform
@ewbankkit thanks for the patch!
Why not just allow duplication for those who want to use different descriptions for the same rule for different sources?

Yes, you have to duplicate the whole block for each target you want to have a different description, but it at least lets you manage descriptions if you choose to without breaking compatibility in the configuration format. If you want the same description for several targets for the same rule, you can do that with a single block.
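The duplication approach described in the comment above, written out as an added example (this is not configuration from the issue, from the provider, or from any of the commenters): one `aws_security_group_rule` resource per source, so that two sources of the same port/protocol rule can carry different descriptions, plus one block where several sources share a single description. It assumes a rule-level `description` argument on `aws_security_group_rule` (the form the patch thanked in this thread adds, not the nested per-CIDR form proposed earlier). The security group id and all CIDR ranges are constructed placeholders drawn from the RFC 5737 documentation ranges.

```hcl
# Added example, not from the issue. Group id and CIDRs are placeholders.

# Same port/protocol, different source, different description:
# duplicate the whole block once per source.
resource "aws_security_group_rule" "ssh_from_office" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["203.0.113.0/24"]   # placeholder (TEST-NET-3)
  description       = "SSH from office egress range"
  security_group_id = "sg-00000000"        # placeholder
}

resource "aws_security_group_rule" "ssh_from_bastion" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["198.51.100.0/24"]  # placeholder (TEST-NET-2)
  description       = "SSH from bastion subnet"
  security_group_id = "sg-00000000"        # placeholder
}

# Several sources that share one description stay in a single block.
resource "aws_security_group_rule" "https_from_partners" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["192.0.2.0/25", "192.0.2.128/25"]  # placeholders (TEST-NET-1)
  description       = "HTTPS from partner ranges"
  security_group_id = "sg-00000000"        # placeholder
}
```

Each block becomes its own rule in the plan, so a later review of `describe-security-groups` output (or the console) shows a description next to every CIDR; a rule that has no description, or one whose description no longer matches its source, is then easy to spot during an audit of who is allowed in on which port.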
With the last Terraform version (0.10.5), I try to use description for security group rules, but an error occurred:

1 error(s) occurred:
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Finally! AWS has added support for description of individual rules within security groups! This would be an amazing addition for Terraform:
https://aws.amazon.com/blogs/aws/new-descriptions-for-security-group-rules/

Terraform Version
Terraform v0.10.2

Affected Resource(s)
security_group
security_group_rule

Possible implementations of this could be having a description attribute for these resources where appropriate. The security_group already has a description attribute, so this would be implemented specifically within the ingress block.