org-formation / aws-resource-providers

A community driven repository where you can find AWS Resource Type Providers for different purposes (including org-formation ones).
MIT License

Community::EC2::NoDefaultVPC Resource #19

Open OlafConijn opened 4 years ago

OlafConijn commented 4 years ago

The Community::EC2::NoDefaultVPC resource can be used to remove the Default VPC.

```yaml
Type: Community::EC2::NoDefaultVPC
Properties:
  DeleteDefaultVPC: true | false # default is true
```

If the resource is created or DeleteDefaultVPC is set to true, the default VPC in the current region is deleted. If the resource is deleted or DeleteDefaultVPC is set to false, a default VPC in the current region is created :-)

questions:

eduardomourar commented 3 years ago

Why can we not call this ::DefaultVPC? Then manage the default VPC (and maybe subnet, etc.) using that resource.

OlafConijn commented 3 years ago

Because of the create semantics. You can't create a default VPC if it's already there (so adding the resource would fail by default). Removing the resource shouldn't remove something that was not created by the resource.

One could say that what you are creating is a DefaultVPC-free region/account. Something I believe a lot of people see as an (IT sec) best practice.

If there is a use case to manage the default VPC, I think that should be a different type of resource. The resource used to change/manage the default VPC should not create/delete the default VPC.

eduardomourar commented 3 years ago

This resource needs to have the replacement strategy set to delete_then_create (when this PR has been merged), otherwise updating the logical identifier will fail (because the last action will be putting back the default VPC).
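The create/delete semantics from the first comment and the replacement-ordering problem raised in the last one, as an added Python example that is not the provider's own code: the EC2 calls use real boto3 method names, while `FakeEC2`, its resource ids and the `rename_logical_id` helper are constructed for this illustration.

```python
# Added example, not org-formation's provider code: the create/delete semantics the
# issue describes and why a logical-id rename needs delete_then_create. EC2 calls use
# real boto3 method names; FakeEC2 is a constructed offline stand-in for one region
# (for a real account pass boto3.client("ec2", region_name=...) instead).

class FakeEC2:
    def __init__(self, has_default=True):
        self.vpc = "vpc-default" if has_default else None           # default VPC id
        self.subnets = ["subnet-a", "subnet-b"] if has_default else []
    def describe_vpcs(self, Filters):
        return {"Vpcs": [{"VpcId": self.vpc}] if self.vpc else []}
    def describe_subnets(self, Filters):
        return {"Subnets": [{"SubnetId": s} for s in self.subnets]}
    def delete_subnet(self, SubnetId):
        self.subnets.remove(SubnetId)
    def delete_vpc(self, VpcId):
        if self.subnets:                # EC2 rejects this with DependencyViolation
            raise RuntimeError("DependencyViolation")
        self.vpc = None
    def create_default_vpc(self):
        self.vpc, self.subnets = "vpc-new", ["subnet-c"]
        return {"Vpc": {"VpcId": self.vpc}}

def default_vpc_id(ec2):
    vpcs = ec2.describe_vpcs(Filters=[{"Name": "isDefault", "Values": ["true"]}])["Vpcs"]
    return vpcs[0]["VpcId"] if vpcs else None

def on_create(ec2, delete_default_vpc=True):
    """CREATE, or UPDATE to true: remove the default VPC if present. Idempotent."""
    vpc_id = default_vpc_id(ec2)
    if not delete_default_vpc or vpc_id is None:
        return vpc_id
    # Dependencies go first; a real default VPC also carries an internet gateway
    # (detach_internet_gateway + delete_internet_gateway) that this sketch omits.
    by_vpc = [{"Name": "vpc-id", "Values": [vpc_id]}]
    for s in ec2.describe_subnets(Filters=by_vpc)["Subnets"]:
        ec2.delete_subnet(SubnetId=s["SubnetId"])
    ec2.delete_vpc(VpcId=vpc_id)
    return None

def on_delete(ec2):
    """DELETE, or UPDATE to false: put a default VPC back unless one already exists."""
    return default_vpc_id(ec2) or ec2.create_default_vpc()["Vpc"]["VpcId"]

def rename_logical_id(ec2, strategy):
    """Replacement on a logical-id change: the handler order decides the end state."""
    order = (on_create, on_delete) if strategy == "create_then_delete" else (on_delete, on_create)
    for handler in order:
        handler(ec2)
    return default_vpc_id(ec2)      # create_then_delete: the default VPC is back
```

With the default create_then_delete ordering the old resource's DELETE runs last and restores the default VPC, which is exactly the failure described above.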