Open
Description
Right now we have:
deployment.ec2.securityGroups = mkOption {
default = [ "default" ];
example = [ "my-group" "my-other-group" ];
type = types.listOf (types.either types.str (resource "ec2-security-group"));
apply = map (x: if builtins.isString x then x else x.name);
description = ''
Security groups for the instance. These determine the
firewall rules applied to the instance.
'';
};
deployment.ec2.securityGroupIds = mkOption {
default = [ "default" ];
type = types.listOf types.str;
description = ''
Security Group IDs for the instance. Necessary if starting
an instance inside a VPC/subnet. In the non-default VPC, security
groups needs to be specified by ID and not name.
'';
};
This is hard to understand. In which cases should I used securityGroups, and in which securityGroupIds?
- The docs of the latter say
Necessary if starting an instance inside a VPC/subnetbut that seems wrong: UsingsecurityGroups = ["nixops"]after having declared aresources.ec2SecurityGroups."nixops".name = "nixops"works. - If I do
deployment.ec2.securityGroupIds = ["nixops"]or even["garbage"], then it uses thedefaultsecurity group instead of complaining. Is that intended? - We should add some examples, ideally also one that shows how to use the type
resource "ec2-security-group"approach, referring to aresources.ec2SecurityGroups. And also an example to make super clear thatsecurityGroupIdsshould probably start withsg-.
Metadata
Metadata
Assignees
Labels
No labels