Open PeterHiggins opened 7 years ago
May we get a sanitized output of aws ec2 describe-security-groups
for the securitygroup please? I've not seen this use case.
S3 endpoints? Hmm sockeye attached
> On Jan 5, 2017 9:42 AM, "zleslie" notifications@github.com wrote:
> May we get a sanitized output of aws ec2 describe-security-groups for the securitygroup please? I've not seen this use case.
@PeterHiggins had explained this to me recently (we work together). Because our company insists on defining egress rules for our SGs, we have to account for S3 endpoints. I think what the module is missing is logic for PrefixListIds.
S3 endpoints cannot be added as a source/destination using the puppetlabs-aws module.
As an example, running `puppet resource` against a security group with only a rule allowing egress to an S3 endpoint results in:

```
root@testymctesttest ~ # puppet resource ec2_securitygroup S3Test
ec2_securitygroup { 'S3Test':
  ensure      => 'present',
  description => 'Test for S3 Endpoint',
  egress      => [{'from_port' => '443', 'protocol' => 'tcp', 'to_port' => '443'}],
  id          => 'sg-abc123',
  region      => 'ap-southeast-2',
  vpc         => 'TEST VPC',
}
```

Note that the destination is entirely missing from the egress rule.
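An audit helper added here (not code from the puppetlabs-aws module or from anyone in this thread) that reads `aws ec2 describe-security-groups` JSON and lists the egress rules whose only destination is a prefix list, which is exactly the case the module currently renders with no destination. The security-group JSON is a constructed, sanitized sample; `pl-0example` and `vpc-0example` are placeholder identifiers.

```ruby
require 'json'
# Constructed sample of `aws ec2 describe-security-groups --output json` (not real data).
SAMPLE = <<~EOS
{
  "SecurityGroups": [
    {
      "GroupName": "S3Test",
      "GroupId": "sg-abc123",
      "Description": "Test for S3 Endpoint",
      "VpcId": "vpc-0example",
      "IpPermissions": [],
      "IpPermissionsEgress": [
        { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [],
          "PrefixListIds": [ { "PrefixListId": "pl-0example" } ] },
        { "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [ { "CidrIp": "10.0.0.0/8" } ], "Ipv6Ranges": [],
          "UserIdGroupPairs": [], "PrefixListIds": [] }
      ]
    }
  ]
}
EOS

# Split a rule's destinations into the kinds the module renders (CIDR ranges,
# security groups) and the kind it does not (prefix lists, e.g. S3 endpoints).
def rule_destinations(rule)
  {
    cidr:        rule.fetch('IpRanges', []).map { |r| r['CidrIp'] },
    sg:          rule.fetch('UserIdGroupPairs', []).map { |p| p['GroupId'] },
    prefix_list: rule.fetch('PrefixListIds', []).map { |p| p['PrefixListId'] },
  }
end

# Return egress rules whose only destination is a prefix list, i.e. the rules
# that `puppet resource ec2_securitygroup` would show with no destination.
def prefix_list_only_egress(describe_output)
  JSON.parse(describe_output)['SecurityGroups'].flat_map do |sg|
    sg.fetch('IpPermissionsEgress', []).map do |rule|
      d = rule_destinations(rule)
      next nil if d[:prefix_list].empty? || !d[:cidr].empty? || !d[:sg].empty?
      { group: sg['GroupId'], protocol: rule['IpProtocol'],
        from_port: rule['FromPort'], to_port: rule['ToPort'],
        prefix_lists: d[:prefix_list] }
    end.compact
  end
end

puts prefix_list_only_egress(SAMPLE).inspect if __FILE__ == $0
```

Against real output, pipe `aws ec2 describe-security-groups --output json` into the script and pass `STDIN.read` in place of `SAMPLE`; any rule it lists will lose its destination if managed through the module as it stands.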