aws / copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.
https://aws.github.io/copilot-cli/
Apache License 2.0

Ability to specify additional security group to App Runner VPC Connector #3504

Open toshitanian opened 2 years ago

toshitanian commented 2 years ago

In the network section of a Request-Driven Web Service, we can enable the VPC connection of App Runner. It adds the App Runner service's security group by default, as in the cfn configuration below. This is enough in most cases, but I want to add extra security groups to the network.

```yaml
  VpcConnector:
    Type: AWS::AppRunner::VpcConnector
    DependsOn: EnvControllerAction # Ensure NAT gateways are created before connecting to a VPC.
    Properties:
      Subnets:
        Fn::Split:
          - ","
          - Fn::ImportValue:
              !Sub '${AppName}-${EnvName}-PrivateSubnets'
      SecurityGroups:
      - !Ref ServiceSecurityGroup
```

The security group is Copilot's environment-wise security group ${App}-${Env}-EnvironmentSecurityGroup. It would be nice if we could add extra security groups in the network section. Below is just one idea.

```yaml
network:
  vpc:
    placement: 'private'
  extra_security_group:
    - sg-xxxxxxxx
    - sg-yyyyyyyy
```

iamhopaul123 commented 2 years ago

Hello @toshitanian. The request makes sense to me. We have a very similar field for Load Balanced Web Service. It seems like we just need to create its counterpart for Request-Driven Web Service as well.

toshitanian commented 2 years ago

@iamhopaul123 Sounds good! Hope it will become available 👍