feat: Added optional revoke_rules_on_delete functionality (required for EMR) #179
Description
A new optional boolean variable was created in the variables.tf to allow revoke_rules_on_delete to be set.
Within the main.tf, this new variable was used to set the attribute on Security Group creation.
The README has been updated to include the details on the new
Motivation and Context
While using this module in collaboration with AWS EMR, some issues were found on doing a destroy of the entire stack. AWS EMR creates additional rules in the SGs and in my experience seemed to create a circular dependency where rules in one SG referenced another SG and vice versa. The only resolution appeared to be manual intervention to remove the rules from the SGs and then re-run a destroy to allow a teardown of resources.
Breaking Changes
This has no breaking changes as the variable has been added with a default value of false, so anyone wishing to utilise this capability would only need to pass in the variable with the true value.
How Has This Been Tested?
I was initially using the module as is and was encountering the failure on destroy where an EMR was provisioned. I branched off the repo in our local environment and made the changes to add the new variable & apply it to the resources for SG creation. When using this branch I was successfully able to create the necessary resources and then run an E2E destroy of all components which were spun up from Terraform without any manual intervention.
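Added example, not part of the pull request or the module: a pre-destroy check that finds security groups whose rules reference each other in a cycle, the condition the description above attributes to EMR-added rules. It reads a document in the shape of `aws ec2 describe-security-groups` output; the sample data, group IDs and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are made up; sg-master and sg-core reference each other, the way
# the EMR-added rules described above do.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-master", "IpPermissions": [
     {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-core"}]}],
   "IpPermissionsEgress": []},
  {"GroupId": "sg-core", "IpPermissions": [
     {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-master"}]}],
   "IpPermissionsEgress": []},
  {"GroupId": "sg-web", "IpPermissions": [
     {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-web"}]}],
   "IpPermissionsEgress": [
     {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-core"}]}]}
]}
""")

def reference_graph(doc):
    """Map each group ID to the set of other groups its rules reference."""
    graph = {}
    for sg in doc["SecurityGroups"]:
        refs = set()
        for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                refs.add(pair["GroupId"])
        refs.discard(sg["GroupId"])  # a rule pointing at its own group is not a cross-group dependency
        graph[sg["GroupId"]] = refs
    return graph

def groups_in_cycles(graph):
    """Return sorted IDs of groups that sit on a cross-group reference cycle."""
    def reaches(start, target):
        seen, stack = set(), [start]
        while stack:
            node = stack.pop()
            for nxt in graph.get(node, ()):
                if nxt == target:
                    return True
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        return False
    return sorted(g for g in graph if reaches(g, g))

if __name__ == "__main__":
    print(groups_in_cycles(reference_graph(SAMPLE)))
```

Groups reported here are the ones whose rules have to be revoked before the groups themselves can be deleted, which is what setting `revoke_rules_on_delete` to true asks Terraform to do.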