Document Egress+VPC change, update link

This commit is contained in:
Clint Shryock 2015-05-01 10:07:46 -05:00
parent 1558fd1c3e
commit b145ce88b7
2 changed files with 18 additions and 5 deletions

View File

@ -148,12 +148,12 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
securityGroupOpts := &ec2.CreateSecurityGroupInput{}
if v := d.Get("vpc_id"); v != nil {
if v := d.Get("vpc_id"); v != nil {
if len(d.Get("egress").(*schema.Set).List()) == 0 {
return fmt.Errorf("Error creating Security Group: Security groups inside a VPC require an egress rule. See https://terraform.io/why.html")
return fmt.Errorf("Error creating Security Group: Security groups inside a VPC require an egress rule. See http://localhost:4567/docs/providers/aws/r/security_group.html for more information.")
}
securityGroupOpts.VPCID = aws.String(v.(string))
securityGroupOpts.VPCID = aws.String(v.(string))
}
if v := d.Get("description"); v != nil {

View File

@ -63,9 +63,8 @@ The following arguments are supported:
* `description` - (Required) The security group description.
* `ingress` - (Optional) Can be specified multiple times for each
ingress rule. Each ingress block supports fields documented below.
* `egress` - (Optional) Can be specified multiple times for each
* `egress` - (Required, VPC only) Can be specified multiple times for each
egress rule. Each egress block supports fields documented below.
VPC only.
* `vpc_id` - (Optional) The VPC ID.
* `tags` - (Optional) A mapping of tags to assign to the resource.
@ -93,6 +92,20 @@ The `egress` block supports:
a source to this egress rule.
* `to_port` - (Required) The end range port.
~> **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a
new Security Group inside of a VPC. When creating a new Security
Group inside a VPC, **Terraform will remove this default rule**, and require you
specifically re-create it if you desire that rule. We feel this leads to fewer
surprises in terms of controlling your egress rules. If you desire this rule to
be in place, you can use this `egress` block:
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
}
## Attributes Reference
The following attributes are exported: