hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Resolve hostname to ip/ip's #7658

Closed ghost closed 5 years ago

ghost commented 5 years ago

This issue was originally opened by @acim as hashicorp/terraform#20444. It was migrated here as a result of the provider split. The original body of the issue is below.


Current Terraform Version

Terraform v0.11.11
+ provider.aws v1.59.0
+ provider.bitbucket v1.0.0
+ provider.mongodbatlas (unversioned)

Use-cases

From resources like aws_db_instance and aws_rds_cluster I can get out just endpoint addresses, so hostnames, but no IP addresses. It would be nice to resolve these somehow in order to get IP addresses or CIDRs in order to use them as variables for security groups, etc.

Attempted Solutions

Proposal

References

blckct commented 5 years ago

Is there any specific reason why you need an IP in the security group instead of using the database's SG? And those IPs could change: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html

we strongly recommend that you use the DNS name to connect to your DB instance because the underlying IP address can change during failover.

acim commented 5 years ago

I want to restrict access for example from my dev server just to dev rds instance. For this I need CIDR, basically hostIP/32. Also in security group of dev RDS server in ingress I want to allow access just to my dev app server. Unfortunately you can’t have hostnames in security groups or at least I am not aware of that. And when I connect from my app, I use the endpoint name, of course. This is just about the firewall part.

blckct commented 5 years ago

But you can allow a connection from a specific group by groupname without specifying ip

On Sun, 24 Feb 2019, 00:51 Boban Acimovic, notifications@github.com wrote:

I want to restrict access for example from my dev server just to dev rds instance. For this I need CIDR, basically hostIP/32. Also in security group of dev RDS server in ingress I want to allow access just to my dev app server. Unfortunately you can’t have hostnames in security groups or at least I am not aware of that. And when I connect from my app, I use the endpoint name, of course. This is just about the firewall part.


acim commented 5 years ago

I see now, thank you 👍

https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/examples/computed/main.tf
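
The group-to-group rule this thread settles on, written out as an added example that is not part of the original issue or of the linked module. All resource names, the `vpc_id` variable and port 5432 are assumptions, and the syntax is Terraform 0.12 or later.

```hcl
# Added example: names, variable and port are hypothetical.
variable "vpc_id" {
  type = string
}

# Attached to the dev app server.
resource "aws_security_group" "dev_app" {
  name   = "dev-app"
  vpc_id = var.vpc_id
}

# Attached to the dev RDS instance (vpc_security_group_ids on aws_db_instance).
resource "aws_security_group" "dev_db" {
  name   = "dev-db"
  vpc_id = var.vpc_id
}

# Ingress on the database: only members of dev_app may connect.
# No IP or CIDR appears, so an endpoint address change after a failover
# needs no rule update.
resource "aws_security_group_rule" "db_from_app" {
  type                     = "ingress"
  security_group_id        = aws_security_group.dev_db.id
  source_security_group_id = aws_security_group.dev_app.id
  protocol                 = "tcp"
  from_port                = 5432
  to_port                  = 5432
}

# Egress on the app server: only towards members of dev_db.
# For an egress rule, source_security_group_id names the destination group.
resource "aws_security_group_rule" "app_to_db" {
  type                     = "egress"
  security_group_id        = aws_security_group.dev_app.id
  source_security_group_id = aws_security_group.dev_db.id
  protocol                 = "tcp"
  from_port                = 5432
  to_port                  = 5432
}
```

Terraform removes the default allow-all egress rule from security groups it creates, so with only `app_to_db` defined the app server has no other outbound access; add further egress rules for anything else it must reach.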

blckct commented 5 years ago

@bflad I think this issue can be closed.

acim commented 5 years ago

Correct, thank you 👍

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!