allowed_security_groups not working as intended
major0 opened this issue · comments
Describe the Bug
The allowed_security_groups does not allow passing an SG to allow specific traffic from specific IPs. E.g. for dev testing in a dev environment.
The problem is that the allowed_security_group id's are being attached as a source for the default security group, which makes little to no sense. These ID's should be passed to aws_docdb_cluster directly:
E.g.
vpc_security_group_ids = concat(join("", aws_security_group.default[*].id)], var.allowed_security_groups)Expected Behavior
I expect that should I pass an allowed_security_group id that the rules in that security group would be applied.
Steps to Reproduce
Simply pass a security group that allows ingress from an IP range and test, it wont work.
Screenshots
No response
Environment
No response
Additional Context
No response
@major0 this flag is working as intended. The list that is passed in is a list of security groups that will be allowed into the documentDB's created security group.
It sounds like what you are looking for is a parameter to specify external_security_group_id_list like what was added in #69. Unfortunately this merge didn't trigger an auto-release, still not sure why, so please reference the latest commit as your module version to test it out. If it's what you need I can look into manually creating a release including it.
If what you're looking for is something different, then I'd be happy to review a contribution which adds it.
Similar thing happen to me. I created a security group and gave as dependency to that module. Unfortunately it doesn't pick the sg that i gave. It picked the sg that created automatically. I tried to change sg manually. When i applied it again , it takes auto created sg again. So I used external_security_group_id_list. That solved my problem. However 2 security group added to my cluster. Auto created sg has no inbound so it doesnt change anything.
1-) Auto created sg
2-) My sg