cds-snc / simplify-privacy-statements-V2

starter-app repo based version of privacy app.
https://simplify-privacy-statements.alpha.canada.ca
MIT License

update/adding-security-rule #245

Closed omartehsin1 closed 1 year ago

omartehsin1 commented 1 year ago

Summary | Résumé

The Lambda function kept timing out; this is likely due to the egress rule not being configured, so there were no outbound connections to the internet.

github-actions[bot] commented 1 year ago

Production: vpc

✅ Terraform Format: success
✅ Terraform Plan: success
✅ Conftest: success
⚠️ WARNING: resources will be destroyed by this change!

Plan: 5 to add, 0 to change, 2 to destroy
Show plan

```terraform
Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_security_group.efs_access_sg must be replaced
-/+ resource "aws_security_group" "efs_access_sg" {
      ~ arn                    = "arn:aws:ec2:ca-central-1:414662622316:security-group/sg-033c29e939a74c39b" -> (known after apply)
      ~ description            = "SG for Lambda" -> "SG for EFS" # forces replacement
      ~ egress                 = [] -> (known after apply)
      ~ id                     = "sg-033c29e939a74c39b" -> (known after apply)
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "0.0.0.0/0",
                ]
              - description      = "Enables inbound traffic to the Network File System"
              - from_port        = 2049
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 2049
            },
        ] -> (known after apply)
        name                   = "efs_access_sg"
      + name_prefix            = (known after apply)
      ~ owner_id               = "414662622316" -> (known after apply)
      - tags                   = {} -> null
      ~ tags_all               = {} -> (known after apply)
        # (2 unchanged attributes hidden)
    }

  # aws_security_group.lambda_access_sg will be created
  + resource "aws_security_group" "lambda_access_sg" {
      + arn                    = (known after apply)
      + description            = "Security group for Lambda"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "lambda_sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = "vpc-0ee2f732c70d5e17b"
    }

  # aws_security_group_rule.efs_ingress must be replaced
-/+ resource "aws_security_group_rule" "efs_ingress" {
      - cidr_blocks              = [
          - "0.0.0.0/0",
        ] -> null # forces replacement
      ~ id                       = "sgrule-2256891208" -> (known after apply)
      ~ security_group_id        = "sg-033c29e939a74c39b" -> (known after apply) # forces replacement
      ~ security_group_rule_id   = "sgr-08fed6fdc8995cdb1" -> (known after apply)
      + source_security_group_id = (known after apply) # forces replacement
        # (6 unchanged attributes hidden)
    }

  # aws_security_group_rule.lambda_egress will be created
  + resource "aws_security_group_rule" "lambda_egress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "Allows outbound connections to the internet"
      + from_port                = 443
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + security_group_rule_id   = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 443
      + type                     = "egress"
    }

  # aws_security_group_rule.lambda_ingress will be created
  + resource "aws_security_group_rule" "lambda_ingress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "Ingress from the lambda security group"
      + from_port                = 443
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + security_group_rule_id   = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 443
      + type                     = "ingress"
    }

Plan: 5 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ aws_security_group_ids = "sg-033c29e939a74c39b" -> (known after apply)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
```

Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.efs_access_sg"]
WARN - plan.json - main - Missing Common Tags: ["aws_security_group.lambda_access_sg"]

19 tests, 17 passed, 2 warnings, 0 failures, 0 exceptions
```
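For readers reconstructing what the plan above does, here is an illustrative Terraform configuration that would yield the same kind of rules. It is an added example, not the repository's own `.tf` files: the resource names and ports follow the plan, while `var.vpc_id`, `var.common_tags`, the `create_before_destroy` lifecycle block and the extra NFS egress rule are assumptions and design choices of this example. It deliberately leaves out the plan's `lambda_ingress` rule (0.0.0.0/0 on TCP 443 into the Lambda group) because a Lambda function never accepts inbound connections, so that rule grants nothing the function can use.

```terraform
# Illustrative configuration, not the project's code. var.vpc_id and
# var.common_tags are assumed inputs; the Lambda function and EFS mount
# target that would consume these groups are not shown.

resource "aws_security_group" "lambda_access_sg" {
  name        = "lambda_sg"
  description = "Security group for Lambda"
  vpc_id      = var.vpc_id
  tags        = var.common_tags # clears the Conftest "Missing Common Tags" warning
}

# The rule whose absence caused the timeouts: with no egress rule at all the
# function's ENI cannot open any connection. A security group only permits the
# traffic; a function in a private subnet also needs a route through a NAT
# gateway, or a VPC endpoint for each AWS service it calls, or the request
# still hangs until the function times out.
resource "aws_security_group_rule" "lambda_egress" {
  type              = "egress"
  description       = "Allows outbound HTTPS connections to the internet"
  security_group_id = aws_security_group.lambda_access_sg.id
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
}

# Assumed here: the function mounts the file system. Mounting EFS needs
# outbound NFS (TCP 2049) from the Lambda group to the EFS group; the
# 443-only egress rule above does not cover it.
resource "aws_security_group_rule" "lambda_to_efs_egress" {
  type                     = "egress"
  description              = "NFS from the Lambda group to the EFS group"
  security_group_id        = aws_security_group.lambda_access_sg.id
  protocol                 = "tcp"
  from_port                = 2049
  to_port                  = 2049
  source_security_group_id = aws_security_group.efs_access_sg.id
}

resource "aws_security_group" "efs_access_sg" {
  name        = "efs_access_sg"
  description = "SG for EFS"
  vpc_id      = var.vpc_id
  tags        = var.common_tags

  # Changing the description forces replacement, as the plan shows. If an
  # EFS mount target references this group, creating the replacement before
  # destroying the old one avoids leaving the mount target without a group.
  lifecycle {
    create_before_destroy = true
  }
}

# NFS only from the Lambda group, instead of from 0.0.0.0/0 as before.
resource "aws_security_group_rule" "efs_ingress" {
  type                     = "ingress"
  description              = "Enables inbound traffic to the Network File System"
  security_group_id        = aws_security_group.efs_access_sg.id
  protocol                 = "tcp"
  from_port                = 2049
  to_port                  = 2049
  source_security_group_id = aws_security_group.lambda_access_sg.id
}
```

Two checks worth doing before applying a plan like this one: confirm the subnet's route table actually reaches the internet (or the needed VPC endpoints), since an egress rule alone does not explain a timeout going away, and confirm that every rule referencing the replaced group (here `efs_ingress`) is recreated in the same apply, which the plan's "must be replaced" entries show it is.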