Commit
modules/aws/vpc/sg-etcd: Split out aws_security_group_rule for etcd
This happened for masters and workers in b620c16 (modules/aws: tighten security groups, 2017-04-19, coreos/tectonic-installer#264), where:

* Master ingress/egress rules moved from inline entries in modules/aws/master-asg/master.tf to stand-alone rules in modules/aws/vpc/sg-master.tf.
* Worker ingress/egress rules moved from inline entries in modules/aws/worker-asg/security-groups.tf to stand-alone rules in modules/aws/vpc/sg-worker.tf.

For some reason, b620c16 moved the etcd security group from modules/aws/etcd/network.tf to modules/aws/vpc/sg-etcd.tf without splitting out the inline rules, so this commit catches up for consistency with the other node classes.

From the Terraform docs [1]:

  Terraform currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

We can also use the rule name to hint at the purpose of a rule, while with inline rules we just have port numbers. In this case, the *_etcd and *_peer suffixes are based on [2]:

  The official etcd ports are 2379 for client requests, and 2380 for peer communication.

[1]: https://www.terraform.io/docs/providers/aws/r/security_group_rule.html
[2]: https://github.com/coreos/etcd/tree/v3.3.9#etcd-tcp-ports
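
The kind of split this commit message describes, as an added illustration that is not the tectonic-installer code. The resource names, the two variables, and the choice of who may reach each port are assumptions made for the example; only the ports (2379 client, 2380 peer) and the `_etcd` / `_peer` suffixes come from the message.

```hcl
# Assumed inputs (hypothetical names, not from the repository).
variable "vpc_id" {}
variable "master_sg_id" {}

# Before: inline rules. Only port numbers describe each rule, and this form
# must not be combined with aws_security_group_rule resources on the same
# group, or the two will overwrite each other's rules.
#
# resource "aws_security_group" "etcd" {
#   vpc_id = "${var.vpc_id}"
#   ingress {
#     protocol        = "tcp"
#     from_port       = 2379
#     to_port         = 2379
#     security_groups = ["${var.master_sg_id}"]
#   }
#   ingress {
#     protocol  = "tcp"
#     from_port = 2380
#     to_port   = 2380
#     self      = true
#   }
# }

# After: the group carries no inline rules; every rule is a named resource.
resource "aws_security_group" "etcd" {
  vpc_id = "${var.vpc_id}"
}

# 2379/tcp: etcd client requests (source group is an assumption).
resource "aws_security_group_rule" "etcd_ingress_etcd" {
  type                     = "ingress"
  security_group_id        = "${aws_security_group.etcd.id}"
  protocol                 = "tcp"
  from_port                = 2379
  to_port                  = 2379
  source_security_group_id = "${var.master_sg_id}"
}

# 2380/tcp: etcd peer communication, members of this group only (assumption).
resource "aws_security_group_rule" "etcd_ingress_peer" {
  type              = "ingress"
  security_group_id = "${aws_security_group.etcd.id}"
  protocol          = "tcp"
  from_port         = 2380
  to_port           = 2380
  self              = true
}
```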