
Feature Request: Dynamic Security Group Association for VPC Endpoint Interface #10429

Closed
ben3683914 opened this issue Oct 9, 2019 · 9 comments · Fixed by #13737
Labels
enhancement Requests to existing resources that expand the functionality or scope. new-resource Introduces a new resource. service/ec2 Issues and PRs that pertain to the ec2 service.
Comments

@ben3683914

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I'm hoping to get a feature added to dynamically add security groups to a VPC Endpoint Interface. An example of something similar would be how security group rules can be added using aws_security_group_rule.

New or Affected Resource(s)

  • aws_vpc_endpoint_security_group_association

Potential Terraform Configuration

resource "aws_vpc_endpoint" "this" {
  vpc_id            = "vpc-myvpc"
  service_name      = "com.amazonaws.us-west-2.sns"
  vpc_endpoint_type = "Interface"

  subnet_ids = [
    "subnet-mysubnet1",
    "subnet-mysubnet2"
  ]

  private_dns_enabled = true
}

resource "aws_vpc_endpoint_security_group_association" "this-securitygroup-one" {
  vpce_id                  = "${aws_vpc_endpoint.this.id}"
  source_security_group_id = "sg-securitygroupone"
}

resource "aws_vpc_endpoint_security_group_association" "this-securitygroup-two" {
  vpce_id                  = "${aws_vpc_endpoint.this.id}"
  source_security_group_id = "sg-securitygrouptwo"
}

resource "aws_vpc_endpoint_security_group_association" "this-securitygroup-three" {
  vpce_id                  = "${aws_vpc_endpoint.this.id}"
  source_security_group_id = "sg-securitygroupthree"
}
@ben3683914 ben3683914 added the enhancement Requests to existing resources that expand the functionality or scope. label Oct 9, 2019
@ghost ghost added the service/ec2 Issues and PRs that pertain to the ec2 service. label Oct 9, 2019
@ben3683914 ben3683914 changed the title Dynamic Security Group Association for VPC Endpoint Interface Feature Request: Dynamic Security Group Association for VPC Endpoint Interface Oct 9, 2019
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Oct 9, 2019
@ewbankkit
Contributor

ewbankkit commented Oct 9, 2019

@ben3683914 Thanks for opening this feature request.
Looking back at the initial implementation of interface VPC endpoints I see this comment about why we didn't initially add an aws_vpc_endpoint_security_group_association resource.
Where I wrote

but instead to require at least one subnet ID

I think I must have meant

but instead to require at least one security group ID

I will take a look and see whether those observations are still valid.

@ewbankkit
Contributor

@ben3683914 I verified it's still the case that if no security groups are specified during VPC endpoint creation that the VPC's default security group is associated with the endpoint.
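As an added example (not code from the issue or from the provider's own documentation), the dynamic association the issue asks for, written against the standalone resource as it shipped in v4.6.0, with the VPC default security group that ewbankkit describes above replaced rather than left attached. The argument names vpc_endpoint_id, security_group_id and replace_default_association are assumed from that release, and every ID is a placeholder.

```hcl
# Added example, not from the issue or the provider's docs. Argument names are
# assumed from the resource as released in v4.6.0; all IDs are placeholders.

variable "endpoint_security_group_ids" {
  description = "Security groups whose members may reach the interface endpoint"
  type        = set(string)
  default     = ["sg-placeholder-one", "sg-placeholder-two", "sg-placeholder-three"]
}

resource "aws_vpc_endpoint" "sns" {
  vpc_id              = "vpc-placeholder"
  service_name        = "com.amazonaws.us-west-2.sns"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = ["subnet-placeholder-a", "subnet-placeholder-b"]
  private_dns_enabled = true

  # security_group_ids is deliberately not set here: the association resources
  # below own the group list. Ignoring drift on it keeps the endpoint resource
  # from trying to undo what the associations have done (assumed practice).
  lifecycle {
    ignore_changes = [security_group_ids]
  }
}

# One association per group. Exactly one of them (the lexically first, so the
# choice is stable across plans) also replaces the VPC default security group
# that AWS attaches when an endpoint is created with no groups at all, so the
# endpoint is reachable only through the groups listed in the variable.
resource "aws_vpc_endpoint_security_group_association" "this" {
  for_each = var.endpoint_security_group_ids

  vpc_endpoint_id             = aws_vpc_endpoint.sns.id
  security_group_id           = each.value
  replace_default_association = each.value == sort(var.endpoint_security_group_ids)[0]
}
```

After apply, the endpoint's security group list should contain exactly the groups in the variable; if the VPC default group still appears, the replace flag did not take effect and the default group's rules remain in play.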

@ben3683914
Author

I don't believe I actually need this use case anymore, but I was running down the potential of it where we would need to add multiple security groups to the VPC endpoint dynamically based on how we had written other pieces of our Terraform.

Maybe I'm misunderstanding, but couldn't you have it create it using the default security group of the VPC, but still allow adding of groups dynamically?

@vidyadhar7am

vidyadhar7am commented Mar 11, 2020

Hi All,
Right now I'm stuck in the middle of the same requirement, where I need to use my newly created SG (via Terraform) as an interface to one of the existing vpc_endpoints.
So can I make use of the above scenario? Or are any further modifications required regarding adding any missing contents?

@vidyadhar7am

I also ended up with an error "Provider doesn't support resource: aws_vpc_endpoint_security_group_association" when I tried to make use of the above scenario.

@ewbankkit ewbankkit self-assigned this Jun 12, 2020
@ewbankkit ewbankkit added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Jun 12, 2020
@DarkArc-Github

DarkArc-Github commented Mar 18, 2021

Also waiting for this resource. I'm stuck at the AWS Transfer Family server that creates a VPC endpoint, but the current resource doesn't provide any parameter to specify the SG.
This could have helped me to attach an SG to the endpoint.

@ewbankkit ewbankkit removed their assignment Nov 11, 2021
@breathingdust
Member

Hi all 👋 Just letting you know that this issue is featured on this quarter's roadmap. If a PR exists to close the issue, a maintainer will review and either make changes directly or work with the original author to get the contribution merged. If you have written a PR to resolve the issue, please ensure the "Allow edits from maintainers" box is checked. Thanks for your patience, and we are looking forward to getting this merged soon!

@github-actions github-actions bot added this to the v4.6.0 milestone Mar 15, 2022
@github-actions

This functionality has been released in v4.6.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions

github-actions bot commented May 7, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 7, 2022