🚀 Enhancements
Feat: Use Security Group Module; Restrict MSK Ingress Based on Enabled Protocols @korenyoni (#44)
what
- Use standardized Cloud Posse Security Group convention (https://github.com/cloudposse/terraform-aws-security-group)
- Restrict Security Group Ingress based on enabled MSK protocols.
- Bump minimum Terraform version to support SG module.
why
- The new Security Group standards include an input var.associated_security_group_ids which allows additional security groups to be associated with the MSK brokers, removing the need for var.broker_node_security_groups, hence why #41 is superseded by this PR.
- The Security Groups need to be restricted based on which protocols are enabled.
- Abstract unnecessary SG-related logic (especially present when dynamically enabling or disabling various protocols for both SG-based and CIDR-based SG rules) via SG module.
references
- co-authored by @nitrocode
- Supersedes and closes #41
- Closes #5
- Closes #16
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#security_groups
- https://docs.aws.amazon.com/msk/latest/developerguide/client-access.html#port-info
- Similar PR: cloudposse/terraform-aws-elasticache-redis#133
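
The idea of opening only the broker ports whose protocol is enabled, as an added sketch that is not this module's code. The variable names (vpc_id, client_security_group_id, enabled_protocols) are hypothetical, and the ports are the in-VPC listener ports from the AWS port information page linked above.

```hcl
# Added example. All variable names are hypothetical, not the module's inputs.
variable "vpc_id" { type = string }
variable "client_security_group_id" { type = string }

variable "enabled_protocols" {
  type = object({
    plaintext  = bool
    tls        = bool
    sasl_scram = bool
    sasl_iam   = bool
  })
  # TLS only: a cluster configured this way should expose port 9094 alone.
  default = { plaintext = false, tls = true, sasl_scram = false, sasl_iam = false }
}

locals {
  # Broker listener ports for clients inside AWS.
  broker_ports = {
    plaintext  = 9092
    tls        = 9094
    sasl_scram = 9096
    sasl_iam   = 9098
  }

  # Keep only the ports whose protocol is enabled on the cluster.
  open_ports = {
    for name, port in local.broker_ports : name => port
    if var.enabled_protocols[name]
  }
}

resource "aws_security_group" "msk" {
  name_prefix = "msk-brokers-"
  vpc_id      = var.vpc_id
}

# One ingress rule per enabled protocol; disabled listeners get no rule.
resource "aws_security_group_rule" "broker_ingress" {
  for_each                 = local.open_ports
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = each.value
  to_port                  = each.value
  security_group_id        = aws_security_group.msk.id
  source_security_group_id = var.client_security_group_id
  description              = "Kafka ${each.key} listener"
}
```

Running terraform plan with the default above should show a single ingress rule for port 9094; a plan that still lists 9092 indicates plaintext ingress is open.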