provider/aws: AWS prefix lists to enable security group egress to a VPC Endpoint #7319

Closed
wants to merge 3 commits into from

@dtolnay dtolnay commented Jun 24, 2016

This is a rebase of #6872. Fixes #3413 and closes #6872.

This PR is based on the following:

In addition, one acceptance test is broken into two parts as one part requires EC2 Classic to operate.

The changes introduce two new concepts:

  • prefix_list_id exported attribute on an aws_vpc_endpoint
  • prefix_list_ids configuration options on aws_security_group/egress and aws_security_group_rule

All non-EC2 Classic acceptance tests in the security group and security group rule files are passing on my build. Other acceptance tests haven't been executed due to cost and time requirements.

Documentation has been added to the relevant resource pages.

I have tested the ability to create a security group egress route to a prefix list and confirmed the behaviour in the AWS web console.

As discussed in GH-3413, I did not create a new resource for a prefix list since these are objects internally managed by AWS, i.e. there is no associated resource lifetime to manage.
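
An added example (not code from this pull request) of how the two attributes described above fit together: the `prefix_list_id` exported by an `aws_vpc_endpoint` feeds `prefix_list_ids` on a security group egress rule, shown beside the broader CIDR-based rule it can replace. The resource names, CIDR block and region in the service name are assumptions, and the block uses current HCL syntax rather than the interpolation syntax of 2016.

```hcl
# Constructed example: names, CIDR and region are assumptions, not from the PR.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
}

# Gateway endpoint for S3. AWS manages the prefix list behind it, which is
# why the PR exports only its ID instead of modelling it as a resource.
resource "aws_vpc_endpoint" "s3" {
  vpc_id          = aws_vpc.main.id
  service_name    = "com.amazonaws.us-east-1.s3"
  route_table_ids = [aws_route_table.private.id]
}

# Broad setting: HTTPS egress to any address, needed before prefix lists
# could be referenced because the service's address ranges are not fixed.
resource "aws_security_group" "app_open" {
  name   = "app-open-egress"
  vpc_id = aws_vpc.main.id

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Least-privilege setting: HTTPS egress only to the endpoint's prefix list.
# Terraform removes the default allow-all egress rule on groups it manages,
# so this is the only outbound traffic the group permits.
resource "aws_security_group" "app_restricted" {
  name   = "app-s3-only-egress"
  vpc_id = aws_vpc.main.id

  egress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    prefix_list_ids = [aws_vpc_endpoint.s3.prefix_list_id]
  }
}
```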

@dtolnay dtolnay changed the title Add support for AWS prefix lists to enable security group egress to a VPC Endpoint provider/aws: AWS prefix lists to enable security group egress to a VPC Endpoint Jun 28, 2016
This test function tests both VPC and Classic EC2 modes, but not
all accounts have support for both. Splitting them makes it
easier to understand why a test fails when an account only
supports the VPC mode.
'prefix_list_id' can be used in egress rules in VPC security groups.
@dtolnay
Contributor Author

dtolnay commented Jun 30, 2016

I rebased again to fix a conflict with #7164.

@catsby
Contributor

catsby commented Jul 6, 2016

Hey all – I added to the tests with a lookup and check on the Prefix ID in #7511, we'll go with that one.

Thanks!

@catsby catsby closed this Jul 6, 2016
@dtolnay dtolnay deleted the aws-prefix-list branch July 6, 2016 16:38
catsby added a commit that referenced this pull request Jul 7, 2016
provider/aws: AWS prefix lists to enable security group egress to a VPC Endpoint (supersedes #7319)
@ghost

ghost commented Apr 24, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 24, 2020
Development

Successfully merging this pull request may close these issues.

Ability for AWS Security Group to Associate AWS Prefix List ID