How to setup idempotent ingress/egress on Security Groups with Terraform
HTML-код
- Опубликовано: 11 окт 2024
- In this episode, I look into how to setup ingress and egress properties to AWS Security Groups with Terraform that will allow for granular reporting of infrastructure changes. Embedded ingress and egress properties on AWS Security Groups sometimes enable unnecessary reporting of changes to AWS Security Group resources. On this episode, I look into how to setup these properties better than embedding them.
Check out learn.pablossp... for curated list of video materials.
=================================
If you wish to support me, I have a kofi page: ko-fi/pablosspot
even i know this things, i watch your videos for entertaiment and for a way i can explain to others this knowleage
Great info, thanks! Glad to see you back :)
Would "lifecycle { create before destroy = true } work here as well or no?
good question, if I remember well, it wouldn't work
I think this lifecycle will try to create the resource first then destroy which would fail because it will try to create for a resource that already exists.
It's a good and clean solution but there is a downside, in case there are multiple rules and multiple sub nets, each new sub net could exceed the rules limit on the security group
This one is very true. You may not know outright when you exceed the rule limit although i would imagine this could be trapped when updating the infrastructure. If you deal with multiple subnets, 60 CIDR blocks can easily creep up on you which I suppose can be adjusted by requesting a limit change.
Thanks. Its great 👍 👌