
Community::EC2::NoDefaultVPC Resource

Open OlafConijn opened this issue 4 years ago • 3 comments

The Community::EC2::NoDefaultVpc resource can be used to remove the Default VPC.

Type: Community::EC2::NoDefaultVPC
Properties:
  DeleteDefaultVPC: true | false  # default is true

If the resource is created or DeleteDefaultVPC is set to true, the default VPC in the current region is deleted. If the resource is deleted or DeleteDefaultVPC is set to false, a default VPC in the current region is created :-)

Questions:

  • Should there be a DeleteDefaultVPC or can we do without?

OlafConijn, Sep 07 '20 18:09

Why can we not call this ::DefaultVPC? Then manage the default VPC (and maybe subnet, etc.) using that resource.

eduardomourar, Sep 08 '20 16:09

Because of the create semantics. You can't create a default VPC if it's already there (so adding the resource would fail by default). Removing the resource shouldn't remove something that was not created by the resource.

One could say that what you are creating is a DefaultVPC-free region/account. Something I believe a lot of people see as an (IT sec) best practice.

If there is a use case to manage the default VPC, I think that should be a different type of resource. The resource used to change/manage the default VPC should not create/delete the default VPC.

OlafConijn, Sep 08 '20 18:09

This resource needs to have the replacement strategy set to delete_then_create (when this PR has been merged), otherwise updating the logical identifier will fail (because the last action will be putting back the default VPC).

eduardomourar, Oct 27 '20 20:10
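The ordering problem raised in the last comment, as an added example that is not part of the thread or the project's code: an in-memory model of the proposed create/delete semantics run under both `replacementStrategy` orderings. The `Region` model, the function names and the idempotent create handler are assumptions made for illustration; no AWS calls are made.

```typescript
// Added illustration: an in-memory model of one region, not the provider's handlers.
type ReplacementStrategy = "create_then_delete" | "delete_then_create";

interface Region {
  hasDefaultVpc: boolean;
  log: string[];
}

// Create semantics proposed in the issue: creating the resource removes the default VPC.
// Assumption: an already-missing default VPC counts as success, not as an error.
function createNoDefaultVpc(region: Region, id: string): void {
  const action = region.hasDefaultVpc ? "deleted default VPC" : "no default VPC present";
  region.log.push(`create ${id}: ${action}`);
  region.hasDefaultVpc = false;
}

// Delete semantics proposed in the issue: deleting the resource puts a default VPC back.
function deleteNoDefaultVpc(region: Region, id: string): void {
  region.log.push(`delete ${id}: created default VPC`);
  region.hasDefaultVpc = true;
}

// Replace the resource, for example after its logical identifier changes.
function replaceResource(strategy: ReplacementStrategy, oldId: string, newId: string): Region {
  const region: Region = { hasDefaultVpc: true, log: [] };
  createNoDefaultVpc(region, oldId); // initial stack deployment

  if (strategy === "create_then_delete") {
    createNoDefaultVpc(region, newId);
    deleteNoDefaultVpc(region, oldId); // last action restores the default VPC
  } else {
    deleteNoDefaultVpc(region, oldId);
    createNoDefaultVpc(region, newId); // last action removes it again
  }
  return region;
}

// Check: the template still declares the resource, so a default VPC here
// means the region no longer matches what the stack claims.
function driftsFromTemplate(region: Region): boolean {
  return region.hasDefaultVpc;
}
```

With `create_then_delete` the region ends up with a default VPC even though the stack still declares the resource; with `delete_then_create` it does not.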