pulumi-aws

Provide a recommended way to work with Security groups

Open t0yv0 opened this issue 10 months ago • 4 comments

aws.ec2.SecurityGroup could use some cleanup to provide unambiguous user guidance on which usage is recommended and which is deprecated.

Some specifics:

  • https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygroup/ has fields which conflict with
  • https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygrouprule/ which has fields which conflict with
  • https://www.pulumi.com/registry/packages/aws/api-docs/vpc/securitygroupingressrule/ ^ which isn't in the ec2 module

t0yv0 Apr 11 '24 14:04

History: https://github.com/pulumi/pulumi-aws/commit/1eaf9df6ac5eba2216ef681dc3948c95ce432703

Looks like some research is needed to inform direction here, as taking a different guess as to which way of using the resources is canonical from what upstream is doing will put us in a position where we're not receiving functionality from upstream but having to maintain bw-compat on what upstream is deprecating or discouraging.

t0yv0 Apr 12 '24 17:04

Related: https://github.com/pulumi/pulumi-aws/issues/3788

t0yv0 Apr 22 '24 17:04

Related: https://github.com/pulumi/pulumi-aws/issues/1387 (import, refresh)

t0yv0 Apr 22 '24 21:04

Some follow-up from https://github.com/pulumi/pulumi-aws/issues/2246: the solution here needs to fix managed_policy_arn import that happens from a Role and breaks the intended invariant. Any fixes are likely breaking.

Also note for consideration suggested by @pierskarsenbarg - recommending to use more resources has cost implications in per-resource pricing.

t0yv0 Apr 24 '24 18:04