-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updates to operation mode, SGs, cluster type, and additional flags. #57
Conversation
...tabricks_workspace/workspace_security_modules/cluster_configuration/cluster_configuration.tf
Outdated
Show resolved
Hide resolved
@metrocavich - mind taking a look on the nitro update? |
All looks good to me now. (And I really looked for something else to comment on...) |
aws/tf/modules/sra/network.tf
Outdated
@@ -67,4 +70,15 @@ resource "aws_security_group" "sg" { | |||
tags = { | |||
Name = "${var.resource_prefix}-data-plane-sg" | |||
} | |||
} | |||
|
|||
resource "aws_security_group_rule" "esc_conditional_egress" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like AWS advises against using a aws_security_group_rule
with an aws_security_group
that contains inline rules like the sg
resource above. One way to work around the issue is to remove the aws_security_group_rule
and add another dynamic
block to sg
where the for_each
is something like this: for_each = [for x in [var.compliance_security_profile ? 2443 : null]: x]
. It isn't the most aesthetically pleasing since TF isn't great with conditional logic. Maybe always including a rule to port 2443 outweighs adding this type of logic?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good call - let me explore this
@db-wenxin + @ryan-gord-db - check out the changes to the SG rules in network.tf I added dynamic rules in the existing block now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This PR addresses the following issues:
New Additions: