This message is extracted from a ticket originally emailed to support@gruntwork.io. Names and URLs have been removed where appropriate.
Hello,
I am struggling to create a VPC whose default security group allows no
traffic. I checked that the default security group of a VPC is not used
and wanted to block all traffic on it. I am going about it in the following way:
https://github.com/gruntwork-io/module-vpc/blob/master/modules/vpc-app/main.tf#L23
I could not put `resource "aws_default_security_group" "default" {`
from the link above into infrastructure-modules/blob/master/networking/vpc-app/main.tf; I get:
* module 'vpc': unknown resource 'aws_vpc.main' referenced in variable
aws_vpc.main.id
module vpc: resource is not a valid parameter
I can move the resource out of the module block:
module "vpc" { .. .. .. }
resource "aws_default_security_group" "default" { .. .. }
in the file infrastructure-modules/blob/master/networking/vpc-app/main.tf, but this shows that I am using an unspecified resource:
aws_default_security_group.default: [ERR] Error finding default security
group: no matching group found
How can I use this approach and specify the security group ID?
# ---------------------------------------------------------------------------------------------------------------------
# CREATE THE VPC
# ---------------------------------------------------------------------------------------------------------------------
module "vpc" {
  source = "git::git@github.com:gruntwork-io/module-vpc.git//modules/vpc-app?ref=v0.3.0"

  vpc_name               = "${var.vpc_name}"
  aws_region             = "${var.aws_region}"
  num_availability_zones = "${var.num_availability_zones}"
  tenancy                = "${var.tenancy}"

  # The number of NAT Gateways to launch for this VPC. For production VPCs, a NAT Gateway should be placed in each
  # Availability Zone (so likely 3 total), whereas for non-prod VPCs, just one Availability Zone (and hence 1 NAT
  # Gateway) will suffice. Warning: You must have at least this number of Elastic IP's to spare. The default AWS limit
  # is 5 per region, but you can request more.
  num_nat_gateways = "${var.num_nat_gateways}"

  # The IP address range of the VPC in CIDR notation. A prefix of /18 is recommended. Do not use a prefix higher
  # than /27.
  cidr_block = "${var.cidr_block}"

  # Some teams may want to explicitly define the exact CIDR blocks used by their subnets. If so, see the vpc-app vars.tf
  # docs at https://github.com/gruntwork-io/module-vpc/blob/master/modules/vpc-app/vars.tf for additional detail.

  # From the v0.3.0 upgrade:
  # If you are already using vpc-app or vpc-mgmt and want to preserve the CIDR blocks you were using before
  # (highly recommended!), you must set the new input variable subnet_spacing to 5
  # https://github.com/gruntwork-io/module-vpc/releases/tag/v0.3.0
  subnet_spacing = "${var.subnet_spacing}"
}
resource "aws_default_security_group" "default" {
  vpc_id = "${aws_vpc.mainvpc.vpc}" # <==== How to point to the exact resource?

  ingress {
    protocol  = -1
    self      = true
    from_port = 0
    to_port   = 0
  }
}
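The pattern the ticket is reaching for, written out as an added example (this is editor-supplied code, not part of the ticket and not Gruntwork's own configuration). Two points drive it. First, a resource declared inside a module (`aws_vpc.main`) is not addressable from the calling configuration; the caller can only see what the module exports as outputs, so the VPC ID has to come from `module.vpc.<output>` rather than `aws_vpc.<name>.id`. It is assumed here that the vpc-app module exposes the VPC ID as an output named `vpc_id`; check the module's outputs file for the exact name. Second, `aws_default_security_group` with no `ingress`/`egress` blocks is how Terraform strips every rule from the group, which is what "no traffic" requires.

```hcl
# ---------------------------------------------------------------------------------------------------------------------
# CREATE THE VPC (module call reduced to the inputs needed here; same source as the ticket)
# ---------------------------------------------------------------------------------------------------------------------
module "vpc" {
  source = "git::git@github.com:gruntwork-io/module-vpc.git//modules/vpc-app?ref=v0.3.0"

  vpc_name               = "${var.vpc_name}"
  aws_region             = "${var.aws_region}"
  num_availability_zones = "${var.num_availability_zones}"
  cidr_block             = "${var.cidr_block}"
  num_nat_gateways       = "${var.num_nat_gateways}"
  subnet_spacing         = "${var.subnet_spacing}"
}

# ---------------------------------------------------------------------------------------------------------------------
# TAKE OVER THE VPC'S DEFAULT SECURITY GROUP AND LEAVE IT WITH NO RULES
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_default_security_group" "default" {
  # The VPC is created inside the module, so its ID is only reachable through a module output.
  # ASSUMPTION: vpc-app exports the VPC ID as an output called "vpc_id".
  vpc_id = "${module.vpc.vpc_id}"

  # Deliberately no ingress and no egress blocks. For this resource type Terraform treats
  # "no rule blocks" as "remove every rule", so anything left attached to the default group
  # (for example an instance launched without an explicit group) can neither send nor receive.

  tags = {
    Name = "${var.vpc_name}-default-sg-no-traffic"
  }
}
```

Two caveats worth keeping in mind. The `ingress { self = true, protocol = -1 }` rule in the ticket does the opposite of locking the group down: it allows all traffic between every instance that is a member of the default group, so it should be omitted if the goal really is a closed group. And the "no matching group found" error is the provider reporting that it looked for the group named `default` in the VPC given by `vpc_id` and found none, which is what happens when that `vpc_id` does not resolve to an existing VPC; once it points at the module's real VPC ID the lookup succeeds. After `terraform apply`, confirm the result with `aws ec2 describe-security-groups --filters Name=vpc-id,Values=<vpc-id> Name=group-name,Values=default` and check that both `IpPermissions` and `IpPermissionsEgress` are empty lists.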