Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make security_group_id configurable on ec2_instance #1137

Open
n1hility opened this issue Jan 17, 2023 · 0 comments
Open

Make security_group_id configurable on ec2_instance #1137

n1hility opened this issue Jan 17, 2023 · 0 comments
Labels
feature

Comments

@n1hility
Copy link

Description

Add a security_group_id to ec2_instance to allow for usage of a non-default security group.

Context

The main use case is to be able to additionally firewall a particular instance type where you have mixed configurations. As an example you may wish to allow inbound traffic to linux nodes, but drop everything going to windows nodes.

It appears this might have been considered in the past, but lost out to subnets:
#1026

While you could achieve a similar solution using an ACL on a non-default subnet, subnets lock you into a single availability zone. The AWS docs warn that a zone may refuse to schedule if a capacity limit is reached (or of course if there is an outage). Additionally you have the maintenance burden of carving up CIDR blocks vs a more generic, reusable default subnet pool.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@n1hility