ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Document Egress+VPC change, update link

This commit is contained in:
Clint Shryock 2015-05-01 10:07:46 -05:00
parent 1558fd1c3e
commit b145ce88b7
2 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
builtin/providers/aws/resource_aws_security_group.go
View File

@ -148,12 +148,12 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
securityGroupOpts := &ec2.CreateSecurityGroupInput{} securityGroupOpts := &ec2.CreateSecurityGroupInput{}
if v := d.Get("vpc_id"); v != nil { if v := d.Get("vpc_id"); v != nil {
if len(d.Get("egress").(*schema.Set).List()) == 0 { if len(d.Get("egress").(*schema.Set).List()) == 0 {
return fmt.Errorf("Error creating Security Group: Security groups inside a VPC require an egress rule. See https://terraform.io/why.html") return fmt.Errorf("Error creating Security Group: Security groups inside a VPC require an egress rule. See http://localhost:4567/docs/providers/aws/r/security_group.html for more information.")
} }
securityGroupOpts.VPCID = aws.String(v.(string)) securityGroupOpts.VPCID = aws.String(v.(string))
} }
if v := d.Get("description"); v != nil { if v := d.Get("description"); v != nil {

17
website/source/docs/providers/aws/r/security_group.html.markdown
View File

@ -63,9 +63,8 @@ The following arguments are supported:
* `description` - (Required) The security group description. * `description` - (Required) The security group description.
* `ingress` - (Optional) Can be specified multiple times for each * `ingress` - (Optional) Can be specified multiple times for each
ingress rule. Each ingress block supports fields documented below. ingress rule. Each ingress block supports fields documented below.
* `egress` - (Optional) Can be specified multiple times for each * `egress` - (Required, VPC only) Can be specified multiple times for each
egress rule. Each egress block supports fields documented below. egress rule. Each egress block supports fields documented below.
VPC only.
* `vpc_id` - (Optional) The VPC ID. * `vpc_id` - (Optional) The VPC ID.
* `tags` - (Optional) A mapping of tags to assign to the resource. * `tags` - (Optional) A mapping of tags to assign to the resource.
@ -93,6 +92,20 @@ The `egress` block supports:
a source to this egress rule. a source to this egress rule.
* `to_port` - (Required) The end range port. * `to_port` - (Required) The end range port.
~> **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a
new Security Group inside of a VPC. When creating a new Security
Group inside a VPC, **Terraform will remove this default rule**, and require you
specifically re-create it if you desire that rule. We feel this leads to fewer
surprises in terms of controlling your egress rules. If you desire this rule to
be in place, you can use this `egress` block:
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_block = "0.0.0.0/0"
}
## Attributes Reference ## Attributes Reference
The following attributes are exported: The following attributes are exported: