
Resolve security group names in the SecurityGroup definition

Open alterrebe opened this issue 9 years ago • 0 comments

As a follow-up to https://github.com/zalando-stups/senza/issues/357

Unfortunately the changes don't help to define a new SecurityGroup that refers to an existing one. E.g. I need to create a security group (as a part of my stack). As a very essential part of the group I need to enable ssh from the Odd host. After the Odd host has become a part of its own stack, its security group name appears as a dynamic name that looks like Odd-OddSecurityGroup-14OUA2EZ2C3RO. To refer to it w/o editing the Senza YAML every time, I need to do this:

      Type: AWS::EC2::SecurityGroup
      Properties:
         GroupDescription: ElasticSearch master or data node
         Tags:
            - Key: "Name"
              Value: "{{Arguments.AppId}}"
         SecurityGroupIngress:
         -  IpProtocol: tcp
            FromPort: 22
            ToPort: 22
            SourceSecurityGroupId: "{{Arguments.OddSG}}"
     ...

Where the OddSG argument is defined as the result of an ad-hoc query:

    ODD_GROUP_ID=$(aws cloudformation describe-stack-resources --region ${REGION} --stack-name Odd |
                   jq -r '.[][] | select(.LogicalResourceId == "OddSecurityGroup") | .PhysicalResourceId')

It looks really ugly :(

Is it possible to use some custom attribute name (instead of SourceSecurityGroupName) to make Senza look up the name (by the tag 'Name', of course)?

alterrebe, Oct 24 '16 08:10
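A sketch of the lookup requested above, added here as an example; it is not part of the issue or of Senza's code. It resolves a `Name` tag to a group id through the boto3-style `describe_security_groups(Filters=...)` call and refuses ambiguous matches, since tags are not unique and the rule opens port 22. The attribute name `SourceSecurityGroupTagName`, the `FakeEC2` stub, the tag value `Odd` and all ids are assumptions constructed for the example.

```python
import copy

TAG_KEY = "SourceSecurityGroupTagName"  # hypothetical attribute, not a Senza or CloudFormation key


def resolve_group_id(ec2, name, vpc_id=None):
    """Return the id of the single security group whose Name tag equals `name`."""
    filters = [{"Name": "tag:Name", "Values": [name]}]
    if vpc_id:
        filters.append({"Name": "vpc-id", "Values": [vpc_id]})
    groups = ec2.describe_security_groups(Filters=filters)["SecurityGroups"]
    ids = sorted(g["GroupId"] for g in groups)
    # Tags are not unique: refuse to guess rather than grant SSH to the wrong group.
    if len(ids) != 1:
        raise LookupError(f"Name tag {name!r} matched {len(ids)} groups: {ids}")
    return ids[0]


def resolve_ingress(ec2, properties, vpc_id=None):
    """Return a copy of `properties` with TAG_KEY rules rewritten to SourceSecurityGroupId."""
    resolved = copy.deepcopy(properties)
    for rule in resolved.get("SecurityGroupIngress", []):
        if TAG_KEY in rule:
            rule["SourceSecurityGroupId"] = resolve_group_id(ec2, rule.pop(TAG_KEY), vpc_id)
    return resolved


class FakeEC2:
    """Constructed stand-in for a boto3 EC2 client so the example runs offline."""

    def __init__(self, groups):
        self.groups = groups

    def describe_security_groups(self, Filters):
        wanted = {f["Name"]: f["Values"] for f in Filters}
        hits = [g for g in self.groups
                if any(t["Key"] == "Name" and t["Value"] in wanted["tag:Name"] for t in g["Tags"])
                and g["VpcId"] in wanted.get("vpc-id", [g["VpcId"]])]
        return {"SecurityGroups": hits}


# Constructed sample data: two groups share one Name tag in different VPCs.
SAMPLE = FakeEC2([
    {"GroupId": "sg-0a1b2c3d", "VpcId": "vpc-11111111", "Tags": [{"Key": "Name", "Value": "Odd"}]},
    {"GroupId": "sg-9f8e7d6c", "VpcId": "vpc-22222222", "Tags": [{"Key": "Name", "Value": "Odd"}]},
])
RULES = {"SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, TAG_KEY: "Odd"}]}
```

With a real client, pass `boto3.client("ec2")` in place of `SAMPLE`. Anyone allowed to create or retag security groups can change what a tag lookup resolves to, so scope the lookup to the expected VPC and fail on anything other than exactly one match.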