github cloudposse/terraform-aws-efs 0.31.0
v0.31.0 Unstable Pre-Release

Pre-release, published 3 years ago

We are revising and standardizing our handling of security groups and security group rules across all our Terraform modules. This is an early attempt with significant breaking changes. We will make further breaking changes soon, so using this version is not recommended.

Breaking changes

If there is something not documented here, please let us know by filing a ticket.

  • The previous var.security_groups input is removed in favor of the security group module's var.security_group_rules; each rule can carry a single source_security_group_id

  • var.allowed_cidr_blocks is removed in favor of the security group module's var.security_group_rules; each rule can carry a cidr_blocks list

  • The security group name no longer ends with -efs, which will cause Terraform to recreate the security group

    • Set attributes = ["efs"] on this module to keep the original name
  • security group has moved

    terraform state mv \
      "module.efs.aws_security_group.efs[0]" \
      "module.efs.module.security_group.aws_security_group.default[0]"
  • The default security_group_rules does not allow ingress on port 2049 (NFS), so clients cannot mount the file system until an ingress rule for it is added manually, as in the example below.

    Note: every object in the list must have the same keys (Terraform requires one consistent object type across all elements), so set unused fields to null or [] rather than omitting them

    security_group_rules = [
      {
        type                     = "egress"
        from_port                = 0
        to_port                  = 65535
        protocol                 = "-1"
        cidr_blocks              = ["0.0.0.0/0"]
        source_security_group_id = null
        description              = "Allow all outbound traffic"
      },
      {
        type                     = "ingress"
        from_port                = 2049
        to_port                  = 2049
        protocol                 = "tcp"
        cidr_blocks              = []
        source_security_group_id = local.security_group_id # provide existing security group or comment out this rule
        description              = "Allow inbound traffic from existing security groups"
      },
      {
        type                     = "ingress"
        from_port                = 2049
        to_port                  = 2049
        protocol                 = "tcp"
        cidr_blocks              = [] # provide cidr blocks or comment out this rule
        source_security_group_id = null
        description              = "Allow inbound traffic from CIDR blocks"
      }
    ]
  • security group rules have been moved

    Note: the new security group rule keys are generated during the plan, so run terraform plan first and read the generated keys from its output before moving the rules. Replace someguid with the key shown for the corresponding rule; each rule gets its own key, so the two ingress rules below have different values even though both start with ingress-tcp-2049-2049-.

    terraform state mv \
      'module.efs.aws_security_group_rule.egress[0]' \
      'module.efs.module.security_group.aws_security_group_rule.default["egress--1-0-65535-someguid"]'
    terraform state mv \
      'module.efs.aws_security_group_rule.ingress_security_groups[0]' \
      'module.efs.module.security_group.aws_security_group_rule.default["ingress-tcp-2049-2049-someguid"]'
    terraform state mv \
      'module.efs.aws_security_group_rule.ingress_cidr_blocks[0]' \
      'module.efs.module.security_group.aws_security_group_rule.default["ingress-tcp-2049-2049-someguid"]'
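The security group move, the port 2049 caveat and the rule moves above are one procedure, and the awkward part is that the two ingress rules only differ by the generated guid. The script below is an added example, not code from cloudposse/terraform-aws-efs: it reads a plan exported with `terraform plan -out=tfplan && terraform show -json tfplan > plan.json`, pairs each rule planned for deletion with the rule planned for creation that permits exactly the same traffic (type, protocol, ports, cidr_blocks, source_security_group_id), prints the resulting `terraform state mv` commands, and warns if the new rule set leaves TCP 2049 unreachable or open to 0.0.0.0/0. The embedded SAMPLE_PLAN is constructed in the shape of `terraform show -json` output; its rule keys and security group id are placeholders.

```python
"""Derive the `terraform state mv` commands for this migration from a plan
and sanity-check NFS reachability. Added example, not project code; it relies
only on the documented resource_changes[].change.{actions,before,after} shape
of `terraform show -json` output."""
import json
import shlex
import sys

SG_OLD = "module.efs.aws_security_group.efs[0]"
SG_NEW = "module.efs.module.security_group.aws_security_group.default[0]"
NEW_RULE_ADDR = 'module.efs.module.security_group.aws_security_group_rule.default["%s"]'
NFS_PORT = 2049


def rule_signature(attrs):
    """Identify a rule by what it permits rather than by its address.
    Ports are irrelevant for protocol -1, so they are normalised to 0/0."""
    proto = str(attrs.get("protocol"))
    lo, hi = (0, 0) if proto == "-1" else (attrs.get("from_port"), attrs.get("to_port"))
    return (attrs.get("type"), proto, lo, hi,
            tuple(sorted(attrs.get("cidr_blocks") or [])),
            attrs.get("source_security_group_id"))


def covers_nfs(sig):
    """True if the rule signature permits TCP 2049."""
    return sig[1] == "-1" or (sig[1] == "tcp" and sig[2] is not None
                               and sig[2] <= NFS_PORT <= sig[3])


def plan_moves(plan):
    """Return (moves, warnings): moves are (old_address, new_address) pairs,
    warnings cover unmatched rules and NFS that is unreachable or wide open."""
    sg_replaced, deleted, created = False, {}, {}
    for rc in plan.get("resource_changes", []):
        change, actions = rc["change"], rc["change"]["actions"]
        if rc["type"] == "aws_security_group":
            sg_replaced = sg_replaced or (rc["address"] == SG_OLD and actions == ["delete"])
        elif rc["type"] == "aws_security_group_rule" and actions == ["delete"]:
            deleted.setdefault(rule_signature(change["before"]), []).append(rc["address"])
        elif rc["type"] == "aws_security_group_rule" and actions == ["create"]:
            created.setdefault(rule_signature(change["after"]), []).append(rc["address"])

    moves = [(SG_OLD, SG_NEW)] if sg_replaced else []
    warnings = []
    for sig, old_addrs in deleted.items():
        new_addrs = created.get(sig, [])
        moves.extend(zip(old_addrs, new_addrs))  # same permitted traffic, new address
        for orphan in old_addrs[len(new_addrs):]:
            warnings.append(f"{orphan}: no equivalent new rule, it would be destroyed")

    nfs_rules = [sig for sig in created if sig[0] == "ingress" and covers_nfs(sig)]
    if not nfs_rules:
        warnings.append("no ingress rule permits TCP 2049; clients will be unable to mount")
    for sig in nfs_rules:
        if "0.0.0.0/0" in sig[4]:
            warnings.append("ingress to TCP 2049 is open to 0.0.0.0/0")
    return moves, warnings


def state_mv_commands(moves):
    """One `terraform state mv` line per move, with addresses shell-quoted."""
    return [f"terraform state mv {shlex.quote(old)} {shlex.quote(new)}" for old, new in moves]


def sample_rule(addr, action, attrs):
    """Build one resource_changes entry (delete fills `before`, create fills `after`)."""
    before, after = (attrs, None) if action == "delete" else (None, attrs)
    return {"address": addr, "type": "aws_security_group_rule",
            "change": {"actions": [action], "before": before, "after": after}}


# Constructed sample in the shape of `terraform show -json` output; the rule
# keys and the security group id are placeholders, not values from a real plan.
EGRESS = {"type": "egress", "protocol": "-1", "from_port": 0, "to_port": 65535,
          "cidr_blocks": ["0.0.0.0/0"], "source_security_group_id": None}
FROM_SG = {"type": "ingress", "protocol": "tcp", "from_port": 2049, "to_port": 2049,
           "cidr_blocks": [], "source_security_group_id": "sg-0123456789abcdef0"}
FROM_CIDR = {"type": "ingress", "protocol": "tcp", "from_port": 2049, "to_port": 2049,
             "cidr_blocks": ["10.0.0.0/16"], "source_security_group_id": None}
SAMPLE_PLAN = {"resource_changes": [
    {"address": SG_OLD, "type": "aws_security_group",
     "change": {"actions": ["delete"], "before": {"name": "eg-test-efs"}, "after": None}},
    {"address": SG_NEW, "type": "aws_security_group",
     "change": {"actions": ["create"], "before": None, "after": {"name": "eg-test-efs"}}},
    sample_rule("module.efs.aws_security_group_rule.egress[0]", "delete", EGRESS),
    sample_rule("module.efs.aws_security_group_rule.ingress_security_groups[0]", "delete", FROM_SG),
    sample_rule("module.efs.aws_security_group_rule.ingress_cidr_blocks[0]", "delete", FROM_CIDR),
    sample_rule(NEW_RULE_ADDR % "egress--1-0-65535-1a2b3c", "create", EGRESS),
    sample_rule(NEW_RULE_ADDR % "ingress-tcp-2049-2049-4d5e6f", "create", FROM_SG),
    sample_rule(NEW_RULE_ADDR % "ingress-tcp-2049-2049-7a8b9c", "create", FROM_CIDR),
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    moves, warnings = plan_moves(plan)
    print("\n".join(state_mv_commands(moves)))
    for w in warnings:
        print("WARNING:", w, file=sys.stderr)
```

Run it against the exported plan (`python3 plan_moves.py plan.json`, the file name is arbitrary), review the printed commands, apply them, then run terraform plan again: after the moves it should show no destroy for the security group or its rules. Attributes that are not known until apply appear as null in `after` (and are listed under after_unknown), so a rule whose source_security_group_id references a group being created in the same run will not match and has to be moved by hand. The 0.0.0.0/0 warning is worth acting on even though EFS mount targets only have VPC-private addresses: an ingress rule open to 0.0.0.0/0 admits every host in the VPC and anything reachable through peering or VPN, where the source_security_group_id form limits mounts to the intended instances.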
feat: use security-group module instead of resource @SweetOps (#79)

what

  • use security-group module instead of resource
  • update tests

why

  • more flexible than current implementation
  • bring configuration of security group/rules to one standard

references

  • CPCO-409
