infrastructure-as-code

AWS and Terraform - Default egress rule in security group

混江龙づ霸主 submitted on 2021-02-04 18:07:49
Question: There is a repeatable configuration that I see in many Terraform projects where the provider is AWS: the configuration of an outbound (egress) rule to allow ALL outbound traffic. As far as I understand, this is the default behavior in AWS, as mentioned in the AWS user guide: "By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound
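The reason the explicit allow-all egress block keeps showing up is a Terraform-specific behaviour, not an AWS one: when the aws_security_group resource creates a group, the provider removes the allow-all egress rule AWS adds by default, so a group with no egress block permits no outbound traffic at all. The configuration below is an added example, not code from the question above; it shows the copied console default next to a least-privilege alternative. The vpc_id variable, the resolver address and the region lookup are assumptions for illustration.

```hcl
# Added example (not from the original question). Terraform strips the
# AWS default allow-all egress rule on creation, so each stance below
# is an explicit choice. vpc_id and the resolver address are placeholders.

variable "vpc_id" {}
data "aws_region" "current" {}

# Stance 1: reproduce the console default explicitly (the block most
# projects copy). Anything in the group can reach anywhere.
resource "aws_security_group" "app_open_egress" {
  name        = "app-open-egress"
  description = "Allow all outbound (mirrors the AWS console default)"
  vpc_id      = var.vpc_id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"            # -1 = all protocols and all ports
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Stance 2: enumerate only the destinations the workload needs.
# The S3 managed prefix list avoids hard-coding AWS address ranges.
data "aws_prefix_list" "s3" {
  name = "com.amazonaws.${data.aws_region.current.name}.s3"
}

resource "aws_security_group" "app_restricted_egress" {
  name        = "app-restricted-egress"
  description = "Outbound limited to S3 over HTTPS and the VPC DNS resolver"
  vpc_id      = var.vpc_id

  egress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    prefix_list_ids = [data.aws_prefix_list.s3.id]   # S3 endpoints only
  }

  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = ["10.0.0.2/32"]   # VPC resolver (VPC base + 2); placeholder
  }
  # No 0.0.0.0/0 rule: a compromised instance cannot call out to arbitrary hosts.
}
```

`terraform plan` on the first resource shows one egress rule; delete the egress block and the plan shows a group with no outbound rule, which is where the "my instance cannot reach anything" surprise comes from. Do not mix inline egress blocks with separate aws_security_group_rule resources on the same group, or the two will fight over the rule set on every apply.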

How to enforce standards and controls when using CDK Pipeline

有些话、适合烂在心里 submitted on 2021-01-28 11:24:58
Question: CDK Pipelines is great, especially for cross-account deployments. It enables the developers to define and customize the CI/CD pipeline for their app to their heart's content. But to remain SOC compliant, we need to make sure that necessary controls like the ones below are validated/enforced: (1) a manual approval stage should be present before the stage that does the cross-account deployment to production; (2) direct deployment to production bypassing the dev/staging environment is not allowed; (3) test cases (unit tests

Documentation for AWS infrastructure as code

∥☆過路亽.° submitted on 2020-12-15 19:43:24
Question: Recently, while trying to build Terraform IaC, I found that I couldn't get the API Gateway to route to the Lambda properly. It turned out that when using the console, AWS automatically assigns the permissions the gateway needs for the Lambda, but with IaC in Terraform this must be assigned explicitly. The above is understandable, but for a newbie to both AWS and Terraform it is confusing. Is there documentation which explains the required components within an infrastructure connection, such as
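The permission the console adds silently is a resource-based policy on the function that lets the API Gateway service principal invoke it; in Terraform that is the aws_lambda_permission resource, and without it the integration returns a 500 at runtime. The configuration below is an added example, not code from the question above: a minimal REST API method wired to a Lambda function, plus that permission scoped to the one API. The function name, handler zip, runtime and the IAM role reference are placeholders.

```hcl
# Added example (not from the original question). Function details and
# the execution role are placeholders; the role is assumed to exist.

resource "aws_lambda_function" "api" {
  function_name = "example-api"
  role          = aws_iam_role.lambda.arn   # assumed to be defined elsewhere
  handler       = "index.handler"
  runtime       = "python3.12"
  filename      = "lambda.zip"              # placeholder artifact
}

resource "aws_api_gateway_rest_api" "api" {
  name = "example-api"
}

resource "aws_api_gateway_resource" "items" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  parent_id   = aws_api_gateway_rest_api.api.root_resource_id
  path_part   = "items"
}

resource "aws_api_gateway_method" "get_items" {
  rest_api_id   = aws_api_gateway_rest_api.api.id
  resource_id   = aws_api_gateway_resource.items.id
  http_method   = "GET"
  authorization = "NONE"   # placeholder; use an authorizer or IAM auth in practice
}

resource "aws_api_gateway_integration" "lambda" {
  rest_api_id             = aws_api_gateway_rest_api.api.id
  resource_id             = aws_api_gateway_resource.items.id
  http_method             = aws_api_gateway_method.get_items.http_method
  integration_http_method = "POST"       # API Gateway always invokes Lambda with POST
  type                    = "AWS_PROXY"
  uri                     = aws_lambda_function.api.invoke_arn
}

# The piece the console adds for you: allow the API Gateway service to
# invoke this function. source_arn restricts the grant to this one API
# (stage/method/path wildcards) instead of every API in the account.
resource "aws_lambda_permission" "apigw" {
  statement_id  = "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.api.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_api_gateway_rest_api.api.execution_arn}/*/*/*"
  # Tighter: "${aws_api_gateway_rest_api.api.execution_arn}/*/GET/items"
}

resource "aws_api_gateway_deployment" "this" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  depends_on  = [aws_api_gateway_integration.lambda]
}

resource "aws_api_gateway_stage" "prod" {
  rest_api_id   = aws_api_gateway_rest_api.api.id
  deployment_id = aws_api_gateway_deployment.this.id
  stage_name    = "prod"
}
```

Leaving source_arn out of aws_lambda_permission makes the function invokable by any API Gateway in the account, which is the over-broad grant the console also happens to avoid; keep the scope to the one API, or to the one method, as shown.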

Terraform config isn't using output from other file for already created resource, instead tries to recreate it and fails (security group id)

只愿长相守 submitted on 2020-07-23 06:53:05
Question: In terraform/aws/global/vpc/security_groups.tf I have the code below to create my bastion security group, and the output.tf file as well, which is below. But in terraform/aws/layers/bastion/main.tf (code also below) I reference that security group, as I need its security group ID to create my EC2 instance. The issue I have is that rather than getting the ID from the already existing security group created by the /vpc/security_groups.tf config, it tries to create the whole security group and the

Terraform - Use security group ID created in separate file for EC2 instance creation

你离开我真会死。 submitted on 2020-07-22 05:42:12
Question: I have used this module to create a security group in AWS VPC. How do I reference the resource created from this in a separate file? I am creating our bastion instance in a separate directory in the same repo. My bastion config looks like the following, uses the Terraform EC2 module, and works if I hard-code the VPC security group ID, but I want it to be able to take it directly from where the security group is created, as this could change in the future. terraform/aws/layers/bastion/main.tf
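Both of the last two questions hit the same Terraform rule: every directory you run `terraform init` in is its own root module with its own state, so a resource block or module call placed in layers/bastion describes a new security group, not a handle to the one global/vpc already created. The way to consume the existing group is to export its id as an output in the vpc layer and read it from that layer's state, or to look it up by tag. The configuration below is an added example, not the code from either question; the file paths follow the questions, while the state bucket, region, AMI, tag values and the vpc-layer resource names are assumptions.

```hcl
# Added example (not from the original questions). Bucket, region, AMI,
# tag values and the names aws_security_group.bastion / aws_vpc.main /
# aws_subnet.public in the vpc layer are placeholders.

# --- terraform/aws/global/vpc/output.tf ---
# Export ids so other root modules can consume them from this state.
output "bastion_sg_id" {
  value = aws_security_group.bastion.id
}

output "vpc_id" {
  value = aws_vpc.main.id
}

output "public_subnet_id" {
  value = aws_subnet.public.id
}

# --- terraform/aws/layers/bastion/main.tf ---
# Option A: read the vpc layer's state. Only a data source lives here,
# so nothing is created or recreated in this layer.
data "terraform_remote_state" "vpc" {
  backend = "s3"
  config = {
    bucket = "example-tfstate"               # placeholder
    key    = "global/vpc/terraform.tfstate"  # must match the vpc layer's backend key
    region = "us-east-1"                     # placeholder
  }
}

# Option B: look the group up by tag. Avoids granting this layer read
# access to the entire vpc state file (state can carry secrets), at the
# cost of depending on a tagging convention.
variable "vpc_id" {}   # supplied by the caller when Option B is used

data "aws_security_group" "bastion_by_tag" {
  vpc_id = var.vpc_id
  filter {
    name   = "tag:Name"
    values = ["bastion"]   # placeholder tag value
  }
}

resource "aws_instance" "bastion" {
  ami                    = "ami-0123456789abcdef0"   # placeholder
  instance_type          = "t3.micro"
  subnet_id              = data.terraform_remote_state.vpc.outputs.public_subnet_id
  # Reference, not definition: the id comes from the vpc layer's output.
  vpc_security_group_ids = [data.terraform_remote_state.vpc.outputs.bastion_sg_id]
  # Option B equivalent: [data.aws_security_group.bastion_by_tag.id]
  tags = { Name = "bastion" }
}
```

The same value works unchanged as the `vpc_security_group_ids` argument of the Terraform EC2 module the second question uses. Apply order matters: the vpc layer must be applied first so the output exists in state, and a later change to the group id in that layer shows up as an in-place update on the instance the next time the bastion layer is planned, which is the "take it directly from where the security group is created" behaviour the question asks for.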