Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't specify security groups in AWS vm_types #1250

Closed
mtekel opened this issue May 3, 2016 · 2 comments
Closed

Can't specify security groups in AWS vm_types #1250

mtekel opened this issue May 3, 2016 · 2 comments

Comments

@mtekel
Copy link

mtekel commented May 3, 2016

In new cloud config for AWS, in vm_types, security_groups in cloud_properties are ignored. Other settings like iam_instance_profile or elbs are read and applied correctly. Nevertheless, when you do specify security_groups under a network definition in networks, they are read and applied correctly.

This means that to apply security groups to some VMs, you need to create artificial network definition (along everything that this brings - e.g. ensuring separate address ranges). It would be better if security_groups definition worked under vm_types - like it is documented:
https://bosh.io/docs/cloud-config.html#vm-types - "CPI specific" link for AWS links to https://bosh.io/docs/aws-cpi.html#resource-pools .

Resource pools do support specifying security groups (added in cloudfoundry/bosh-aws-cpi-release#28), but it seems the same feature is missing when using vm_types & cloud config.

BOSH version 255.8
@cppforlife
Copy link
Contributor

are using aws cpi 46+?

Sent from my iPhone

On May 3, 2016, at 8:27 AM, mtekel [email protected] wrote:

In new cloud config for AWS, in vm_types, security_groups in cloud_properties are ignored. Other settings like iam_instance_profile or elbs are read and applied correctly. Nevertheless, when you do specify security_groups under a network definition in networks, they are read and applied correctly.

This means that to apply security groups to some VMs, you need to create artificial network definition (along everything that this brings - e.g. ensuring separate address ranges). It would be better if security_groups definition worked under vm_types - like it is documented:
https://bosh.io/docs/cloud-config.html#vm-types - "CPI specific" link for AWS links to https://bosh.io/docs/aws-cpi.html#resource-pools .

Resource pools do support specifying security groups (added in cloudfoundry/bosh-aws-cpi-release#28), but it seems the same feature is missing when using vm_types & cloud config.

BOSH version 255.8


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub

@mtekel
Copy link
Author

mtekel commented May 3, 2016

We used 44. I guess that explains it...

@mtekel mtekel closed this as completed May 3, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cppforlife @mtekel