search

amplify-education / serverless-vpc-discovery

Serverless plugin for discovering VPC / Subnet / Security Group configuration by name.
MIT License
38 stars 15 forks source link

Use tag:Name to search for security groups #12

Closed delkopiso closed 5 years ago

delkopiso commented 6 years ago

For the vpc and subnets we use tag:Name to specify which resources we're interested in. There's no reason that I see for why we need to veer away from that and use group-name for security groups.

jconstance-amplify commented 6 years ago

Thanks for the pull request!

I'd be a bit worried about breaking this for other users, but I do appreciate the desire for consistency.

How do you feel about adding configuration options for the tag that should be looked up, and leaving the defaults as they are? Then we don't break this for others but we do allow people to have consistency in their configuration if they want.

delkopiso commented 6 years ago

Configuration sounds like a good idea, but I think the current behavior is misleading.

The worry about this breaking change is why we employ semantic versioning. This can be published under a new major version, and allow anyone to adopt it when ready.

lucasklaassen commented 6 years ago

@jconstance-amplify It looks like we aren't utilizing the github release feature that can keep track of these versions and document them here: https://github.com/amplify-education/serverless-vpc-discovery/releases

jconstance-amplify commented 6 years ago

@delkopiso Do you want to add support for configuration and then we can release this under a new major version?

@lucasklaassen Right now we automatically release on merge to master, so we haven't really bothered with Github releases. Maybe something we can think about though.

bradennapier commented 5 years ago

Why not look at tag:Name then group name if it fails? Definitely need this - i dynamicaly create these things so right now i have to manually look up the groupName that is created which changes whenever i do a full provision of my CF Stack - but i generate naming conventions that match across vpc, subnets, and sg.

This requires hard-coded values which is not ideal

services:
    subnet_private_one: services-subnet-private-1-${self:custom.env.stage}
    subnet_private_two: services-subnet-private-2-${self:custom.env.stage}
    subnet_public_one: services-subnet-public-1-${self:custom.env.stage}
    subnet_public_two: services-subnet-public-2-${self:custom.env.stage}
    vpc_name: services-vpc-${self:custom.env.stage}
  securityGroup:
    prod: services-critical-prod-ServerlessSecurityGroup-OIU79879HK
    development: services-critical-development-ServerlessSecurityGroup-JKHKJ789754
  vpc:
    vpcName: ${self:custom.services.vpc_name}
    subnetNames:
      - ${self:custom.services.subnet_private_one}
      - ${self:custom.services.subnet_private_two}
    securityGroupNames:
      - ${self:custom.securityGroup.${self:custom.env.stage}}