We are revising and standardizing our handling of security groups and security group rules across all our Terraform modules. This is an early attempt with significant breaking changes. We will make further breaking changes soon, so using this version is not recommended.
If there is something not documented here, please let us know by filing a ticket.
Breaking changes

- var.security_groups is removed in favor of the security group module's var.security_group_rules, which can contain a single source_security_group_id per rule.
- var.allowed_cidr_blocks is removed in favor of the security group module's var.security_group_rules, which can contain cidr_blocks.
- Previous security group name no longer ends with "-efs" and this will cause a recreation of the security group.
  - Set attributes = ["efs"] on this module and it should keep the original name.
- The security group has moved:

      terraform state mv \
        "module.efs.aws_security_group.efs[0]" \
        "module.efs.module.security_group.aws_security_group.default[0]"

- The default security_group_rules does not allow ingress specifically for port 2049, but this can be added manually.
  - Note: The list must have the same json keys per index.

      security_group_rules = [
        {
          type                     = "egress"
          from_port                = 0
          to_port                  = 65535
          protocol                 = "-1"
          cidr_blocks              = ["0.0.0.0/0"]
          source_security_group_id = null
          description              = "Allow all outbound traffic"
        },
        {
          type                     = "ingress"
          from_port                = 2049
          to_port                  = 2049
          protocol                 = "tcp"
          cidr_blocks              = []
          source_security_group_id = local.security_group_id # provide existing security group or comment out this rule
          description              = "Allow inbound traffic from existing security groups"
        },
        {
          type                     = "ingress"
          from_port                = 2049
          to_port                  = 2049
          protocol                 = "tcp"
          cidr_blocks              = [] # provide cidr blocks or comment out this rule
          source_security_group_id = null
          description              = "Allow inbound traffic from CIDR blocks"
        }
      ]

- Security group rules have been moved.
  - Note: since the new security group rule names are generated upon a plan, the plan will need to be run first to generate the new names in order to move the rules.
  - Replace someguid with the appropriate value.

      terraform state mv \
        'module.efs.aws_security_group_rule.egress[0]' \
        'module.efs.module.security_group.aws_security_group_rule.default["egress--1-0-65535-someguid"]'
      terraform state mv \
        'module.efs.aws_security_group_rule.ingress_security_groups[0]' \
        'module.efs.module.security_group.aws_security_group_rule.default["ingress-tcp-2049-2049-someguid"]'
      terraform state mv \
        'module.efs.aws_security_group_rule.ingress_cidr_blocks[0]' \
        'module.efs.module.security_group.aws_security_group_rule.default["ingress-tcp-2049-2049-someguid"]'
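Because the new rule keys only exist once a plan has been run, the state mv commands can be derived from the plan's JSON instead of copied by hand. The following is an added example, not part of the module or its release notes: it assumes new rules can be matched to the old egress, ingress_security_groups and ingress_cidr_blocks addresses by their attributes, and the sample keys and values are constructed.

```python
import shlex

# Address prefixes copied from the state mv commands on this page.
OLD = "module.efs.aws_security_group_rule."
NEW = "module.efs.module.security_group.aws_security_group_rule.default["

def old_address(after):
    """Map a planned rule's attributes to its pre-upgrade resource address."""
    if after.get("type") == "egress":
        return OLD + "egress[0]"
    if after.get("cidr_blocks"):
        return OLD + "ingress_cidr_blocks[0]"
    return OLD + "ingress_security_groups[0]"

def state_mv_commands(plan):
    """Build one `terraform state mv` line per rule the plan would create."""
    commands, seen = [], set()
    for rc in plan.get("resource_changes", []):
        new = rc["address"]
        if not new.startswith(NEW) or rc["change"]["actions"] != ["create"]:
            continue  # not a rule of the new module, or already moved
        old = old_address(rc["change"].get("after") or {})
        if old in seen:
            # Two new rules claim one old resource: only one can be moved.
            raise ValueError(f"{old} matches more than one planned rule")
        seen.add(old)
        commands.append(f"terraform state mv {shlex.quote(old)} {shlex.quote(new)}")
    return commands

def rule(key, actions, **after):
    """Constructed resource_changes entry (subset of the plan JSON fields)."""
    return {"address": f'{NEW}"{key}"]', "change": {"actions": actions, "after": after}}

# Constructed sample; "aaaa"/"bbbb"/"cccc" stand in for the generated suffix.
SAMPLE_PLAN = {"resource_changes": [
    rule("egress--1-0-65535-aaaa", ["create"], type="egress", cidr_blocks=["0.0.0.0/0"]),
    rule("ingress-tcp-2049-2049-bbbb", ["create"], type="ingress", cidr_blocks=None,
         source_security_group_id="sg-0123456789abcdef0"),
    rule("ingress-tcp-2049-2049-cccc", ["create"], type="ingress", cidr_blocks=["10.0.0.0/16"]),
]}

if __name__ == "__main__":
    # Real input: json.load() of `terraform show -json <planfile>` output.
    print("\n".join(state_mv_commands(SAMPLE_PLAN)))
```

Review the printed commands before running them, and re-run the plan afterwards: any rule still listed as a create or destroy was not matched.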