AWS provider: separate SG rules from SGs #493

Closed
patrykorwat opened this issue May 2, 2020 · 3 comments · Fixed by #538

Comments

@patrykorwat
Contributor

The task is to allow terraformer not to inline rules and import them separately.

Ref: #275 (comment)

@iwasnobody

I'm looking forward to this feature because some of our AWS resources are created manually and some are managed by Terraform.
We are now trying to migrate the manually created resources to Terraform using terraformer.
Because there is no good way to combine the state file created by terraformer with our existing state file, we have to use terraform import to add a state entry to the existing state file for each resource created by terraformer.
The terraform import command imports the security group as separate SG rules, while the tf config generated by terraformer has inline rules. When I run terraform plan, the separate SG rules will be deleted because they are in the state file but not in the tf config.
We use Terraform Enterprise, and a support engineer at Terraform confirmed that this is the behavior of terraform import because separate SG rules are their best practice.

@patrykorwat
Contributor Author

patrykorwat commented Jun 18, 2020

Thanks for digging into that problem! The initial idea was to keep things clear and readable, but there are already several people asking for the change.

The terraformer tool is being used in two ways:

  1. To generate a dump of Terraform resources, to be used later for building custom structures. In this case it should be fine to keep inline rules, since the refresh command will be used, not import.
  2. The case that you described, where an additional import is necessary.

The best solution in this case would be to tell terraformer to separate the rules from the groups. That would be achieved in a similar manner to how we customize the dump of SQS queues [1]. We can add code to keep rules out of the groups if the environment variable SPLIT_SG_RULES is set to any value.

[1] https://github.com/GoogleCloudPlatform/terraformer#sqs-queues-retrieval
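
The two shapes being discussed in this thread, side by side, as an added example that is not taken from the thread or from terraformer's output. All resource names, ports and CIDR ranges are constructed placeholders, and `var.vpc_id` is an assumed input.

```hcl
# Constructed example; names, ports and CIDR ranges are placeholders.
variable "vpc_id" {
  type = string
}

# Form A: rules inline in the group (the shape described in this issue
# as terraformer's generated config).
resource "aws_security_group" "app_inline" {
  name   = "app-inline"
  vpc_id = var.vpc_id

  ingress {
    description = "HTTPS from the internal range"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Form B: group with no inline rules; each rule is its own resource and
# its own state entry (the shape the issue asks terraformer to emit).
resource "aws_security_group" "app_split" {
  name   = "app-split"
  vpc_id = var.vpc_id
}

resource "aws_security_group_rule" "app_split_https_in" {
  type              = "ingress"
  security_group_id = aws_security_group.app_split.id
  description       = "HTTPS from the internal range"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/16"]
}
```

If the state holds Form B entries while the config is written as Form A, the plan shows the separate rule resources as removals, so review any plan that destroys `aws_security_group_rule` resources before applying it. The AWS provider documentation also advises against mixing inline rules and separate rule resources on the same group.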

patrykorwat added a commit to patrykorwat/terraformer that referenced this issue Jul 1, 2020
sergeylanzman added a commit that referenced this issue Jul 1, 2020
@bmj8409

bmj8409 commented Nov 9, 2023

Should this be revisited now that Terraform has yet another way to define the rule resources?

aws_vpc_security_group_ingress_rule

aws_vpc_security_group_egress_rule
