Open OlafConijn opened 4 years ago
Why can't we call this `::DefaultVPC`? Then manage the default VPC (and maybe subnet, etc.) using that resource.
Because of the create semantics. You can't create a default VPC if it's already there (so adding the resource would fail by default). Removing the resource shouldn't remove something that was not created by the resource.
One could say that what you are creating is a DefaultVPC-free region/account. Something I believe a lot of people see as an (IT sec) best practice.
If there is a use case to manage the default VPC, I think that should be a different type of resource. The resource used to change/manage the default VPC should not create/delete the default VPC.
This resource needs to have the replacement strategy set to `delete_then_create` (when this PR has been merged), otherwise updating the logical identifier will fail (because the last action will be putting back the default VPC).
The `Community::EC2::NoDefaultVpc` resource can be used to remove the Default VPC.

- If the resource is created or `DeleteDefaultVPC` is set to `true`, the default VPC in the current region is deleted
- If the resource is deleted or `DeleteDefaultVPC` is set to `false`, a default VPC in the current region is created :-)

questions:

- `DeleteDefaultVPC` or can we do without?
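
The create/delete semantics described in this issue, sketched in Python as an added example (not the resource provider's own code): creating the resource removes the default VPC, deleting it puts one back, and both directions are idempotent. The function names and `FakeEc2` are hypothetical; the client methods are the boto3 EC2 calls of the same names, and the sketch assumes the default VPC holds nothing beyond its subnets and internet gateway.

```python
def find_default_vpc(ec2):
    """Return the id of the default VPC in the client's region, or None."""
    flt = [{"Name": "is-default", "Values": ["true"]}]
    vpcs = ec2.describe_vpcs(Filters=flt)["Vpcs"]
    return vpcs[0]["VpcId"] if vpcs else None

def remove_default_vpc(ec2):
    """Resource created (or DeleteDefaultVPC=true): ensure no default VPC."""
    vpc_id = find_default_vpc(ec2)
    if vpc_id is None:
        return "already-absent"  # idempotent: nothing to delete
    by_vpc = [{"Name": "vpc-id", "Values": [vpc_id]}]
    attached = [{"Name": "attachment.vpc-id", "Values": [vpc_id]}]
    # DeleteVpc fails while the internet gateway and subnets still exist.
    gateways = ec2.describe_internet_gateways(Filters=attached)["InternetGateways"]
    for igw_id in [g["InternetGatewayId"] for g in gateways]:
        ec2.detach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)
        ec2.delete_internet_gateway(InternetGatewayId=igw_id)
    for subnet in ec2.describe_subnets(Filters=by_vpc)["Subnets"]:
        ec2.delete_subnet(SubnetId=subnet["SubnetId"])
    ec2.delete_vpc(VpcId=vpc_id)
    return "deleted"

def restore_default_vpc(ec2):
    """Resource deleted (or DeleteDefaultVPC=false): put a default VPC back."""
    if find_default_vpc(ec2) is not None:
        return "already-present"  # CreateDefaultVpc fails if one exists
    ec2.create_default_vpc()
    return "created"

class FakeEc2:
    """Constructed in-memory stand-in for the EC2 client calls used above."""
    def __init__(self, vpc_id=None):
        self.vpc_id, self.log = vpc_id, []
    def describe_vpcs(self, Filters):
        return {"Vpcs": [{"VpcId": self.vpc_id}] if self.vpc_id else []}
    def describe_internet_gateways(self, Filters):
        return {"InternetGateways": [{"InternetGatewayId": "igw-constructed"}]}
    def describe_subnets(self, Filters):
        return {"Subnets": [{"SubnetId": "subnet-constructed"}]}
    def create_default_vpc(self):
        self.vpc_id = "vpc-constructed"
        self.log.append("create_default_vpc")
    def delete_vpc(self, VpcId):
        self.vpc_id = None
        self.log.append("delete_vpc")
    def __getattr__(self, name):  # other detach/delete calls are only recorded
        return lambda **kwargs: self.log.append(name)
```

With a real client, pass `boto3.client("ec2", region_name=...)` in place of `FakeEc2`; the handlers act only on that client's region.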