Switch to using aws_vpc_security_group_ingress_rule for ingress on aws_security_group.sg
#160
Comments
JoeJasinski
changed the title
aws_vpc_security_group_ingress_rule for ingress on aws_security_group.sg
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi all, I believe that the aws_security_group.sg resource can be optimized to make more stable state calculations.
I believe that the AWS TF module recommends using individual rule resources for
vpc_security_group_ingress_rulefor defining security group ingresses. That way, a change to a single rule won't update every existing (untouched) rules in the security group.For example, changing
vars.allow_weka_api_cidrsinvalidates ALL of the security group rules rather than just the one affecting given setting. Defining the rules as separateaws_vpc_security_group_ingress_ruleresources would solve that problem.aws_security_group.sg.Here's the related code.
terraform-aws-weka/modules/security_group/main.tf
Line 7 in 4660301
Here's the docs to the AWS resource
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule
The text was updated successfully, but these errors were encountered: