Open nh2 opened 5 years ago
Hi, I agree, I had some problems with this, the key is:
If you don't attach a VPC, you won't see the issue. Once a VPC is attached, securityGroups will cease to work, you'll have to use securityGroupIds with a properly referenced resource or ID.
For example: deployment.ec2.securityGroupIds = [ resources.ec2SecurityGroups.some-group ]
is the approach where you use the resource type, it'll automatically put the sg-stuff for you.
I think there are examples in the repo, but those are not enough put in the website docs alas.
Right now we have:
This is hard to understand. In which cases should I used
securityGroups
, and in whichsecurityGroupIds
?Necessary if starting an instance inside a VPC/subnet
but that seems wrong: UsingsecurityGroups = ["nixops"]
after having declared aresources.ec2SecurityGroups."nixops".name = "nixops"
works.deployment.ec2.securityGroupIds = ["nixops"]
or even["garbage"]
, then it uses thedefault
security group instead of complaining. Is that intended?resource "ec2-security-group"
approach, referring to aresources.ec2SecurityGroups
. And also an example to make super clear thatsecurityGroupIds
should probably start withsg-
.