Comments (7)
this is already supported today - we provide default values but users should specify their required security_group_ingress_rules
to suit their needs. You can also provide your own security groups via security_groups
from terraform-aws-atlantis.
I don't think you provide those options. You maybe do on the ALB module but not on the Atlantis module. Check your variables.tf file and see for yourself.
If I add them, terraform validate doesn't pass:
```text
igor.janevski@l-igojan-0q05n preprod % tfvalid
╷
│ Error: Unsupported argument
│
│ on shared/atlantis.tf line 60, in module "atlantis":
│ 60: security_groups = ""
│
│ An argument named "security_groups" is not expected here.
╵
igor.janevski@l-igojan-0q05n preprod % tfvalid
╷
│ Error: Unsupported argument
│
│ on shared/atlantis.tf line 60, in module "atlantis":
│ 60: security_group_ingress_rules = ""
│
│ An argument named "security_group_ingress_rules" is not expected here.
╵
igor.janevski@l-igojan-0q05n preprod %
```
from terraform-aws-atlantis.
You haven't provided much, if any, information - this is what I went off of: "Currently the module creates ALB with a security group that's opened towards the world."
What I showed above is that we do support both setting custom security group rules, custom security groups, and replacing the default rules provided by the module. If you would like any further assistance, please provide a reproduction so we can properly triage and troubleshoot.
from terraform-aws-atlantis.
If I use this module for Atlantis, I'd probably provide a configuration like the one below:
```hcl
module "atlantis" {
  source = "terraform-aws-modules/atlantis/aws"

  name = "atlantis"

  # ECS Container Definition
  atlantis = {
    environment = [
      {
        name  = "ATLANTIS_GH_USER"
        value = "myuser"
      },
      {
        name  = "ATLANTIS_REPO_ALLOWLIST"
        value = "github.com/terraform-aws-modules/*"
      },
    ]
    secrets = [
      {
        name      = "ATLANTIS_GH_TOKEN"
        valueFrom = "arn:aws:secretsmanager:eu-west-1:111122223333:secret:aes256-7g8H9i"
      },
      {
        name      = "ATLANTIS_GH_WEBHOOK_SECRET"
        valueFrom = "arn:aws:secretsmanager:eu-west-1:111122223333:secret:aes192-4D5e6F"
      },
    ]
  }

  # ECS Service
  service = {
    task_exec_secret_arns = [
      "arn:aws:secretsmanager:eu-west-1:111122223333:secret:aes256-7g8H9i",
      "arn:aws:secretsmanager:eu-west-1:111122223333:secret:aes192-4D5e6F",
    ]
    # Provide Atlantis permission necessary to create/destroy resources
    tasks_iam_role_policies = {
      AdministratorAccess = "arn:aws:iam::aws:policy/AdministratorAccess"
    }
  }
  service_subnets = ["subnet-xyzde987", "subnet-slkjf456", "subnet-qeiru789"]
  vpc_id          = "vpc-1234556abcdef"

  # ALB
  alb_subnets             = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
  certificate_domain_name = "example.com"
  route53_zone_id         = "Z2ES7B9AZ6SHAE"

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}
```
This code would create the ALB along with the Security Group for the ALB, not allowing an option to provide security group rules. Right?
From your documentation, the only scenario where I can provide a custom Security Group is by using the following block:
```hcl
create_alb              = false
alb_target_group_arn    = "arn:aws:elasticloadbalancing:eu-west-1:1234567890:targetgroup/bluegreentarget1/209a844cd01825a4"
alb_security_group_id   = "sg-12345678"
```
which would also mean that the module will not create the ALB.
My question is, is there a scenario where the module will create the ALB and also allow me to provide the Security Group or Security Group rules for the same?
from terraform-aws-atlantis.
and as I have stated, yes:
```hcl
module "atlantis" {
  source = "terraform-aws-modules/atlantis/aws"
  ...
  alb = {
    security_groups = {
      example = "sg-1234567890"
    }
    security_group_ingress_rules = {
      http = {
        from_port   = 1234
        to_port     = 1234
        ip_protocol = "tcp"
        cidr_ipv4   = "10.0.0.0/24"
      }
    }
    security_group_egress_rules = {
      all = {
        ip_protocol = "-1"
        cidr_ipv4   = "10.0.0.0/16"
      }
    }
  }
}
```
from terraform-aws-atlantis.
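As an added example (not the thread's or the module's own code), this configuration keeps the module-created ALB and security group but replaces the default world-open ingress with two narrow HTTPS rules and restricts egress to the VPC. The `alb` input names follow the maintainer's comment above; the rule names and all CIDR values are constructed placeholders.

```hcl
# Added example: module-created ALB whose default ingress rules are replaced
# by a restricted set. Input names under `alb` are taken from the maintainer's
# comment in this thread; CIDR values are constructed placeholders.
module "atlantis" {
  source = "terraform-aws-modules/atlantis/aws"
  name   = "atlantis"

  # atlantis / service settings (environment, secrets, IAM policies) omitted;
  # use the same blocks as in the configuration earlier in the thread.
  service_subnets = ["subnet-xyzde987", "subnet-slkjf456", "subnet-qeiru789"]
  vpc_id          = "vpc-1234556abcdef"

  alb_subnets             = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
  certificate_domain_name = "example.com"
  route53_zone_id         = "Z2ES7B9AZ6SHAE"

  alb = {
    # Supplying this map replaces, rather than extends, the module's default
    # ingress rules, so the "open to the world" default no longer applies.
    security_group_ingress_rules = {
      # Operators reaching the Atlantis UI over HTTPS from a known egress range.
      https_operators = {
        from_port   = 443
        to_port     = 443
        ip_protocol = "tcp"
        cidr_ipv4   = "203.0.113.0/24" # placeholder (TEST-NET-3); use your own range
      }
      # Webhook deliveries from the VCS provider; substitute its published range.
      https_webhooks = {
        from_port   = 443
        to_port     = 443
        ip_protocol = "tcp"
        cidr_ipv4   = "198.51.100.0/24" # placeholder (TEST-NET-2)
      }
    }
    # The ALB only needs to reach the ECS tasks inside the VPC.
    security_group_egress_rules = {
      vpc_only = {
        ip_protocol = "-1"
        cidr_ipv4   = "10.0.0.0/16" # placeholder VPC CIDR
      }
    }
  }

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}
```

Run `terraform validate` after changing the `alb` block: a mistyped key at the top level of the module (as in the earlier error output) is reported as "Unsupported argument", whereas keys inside `alb` are validated against the object type of that input.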
Got it, thx.
from terraform-aws-atlantis.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
from terraform-aws-atlantis.