In this blog post we are going to look at a Terraform Configuration for a VMware Cloud Assembly Cloud Template that creates an on-demand Amazon Web Services (AWS) Security Group, creates ingress and egress rules, and attaches all machine resource instances to the Security Group.
Introduction
Although Cloud Assembly has a native Cloud Security Group resource element on the canvas, we can only use it to build Cloud Templates that provision Security Groups on VMware NSX-T. It does not support provisioning Security Groups to AWS. We are going to fill this gap by using the new Terraform functionality in Cloud Assembly.
The Terraform Configuration files and the VMware Cloud Assembly Blueprint are available in the following GitLab repo: bit.ly/The-Gitlab.
Blueprint: tf-aws-ec2-create-security-group-and-attach-to-instance/Blueprint.yaml
Terraform: aws-ec2-create-security-group-and-attach-to-instance/*
Exploring the Cloud Template and Deployment
Let’s examine the Blueprint inputs. Alongside the standard inputs needed for a multi-tier app, we have defined inputs that we can use to set ingress and egress rules. We can see 2 ingress and 2 egress rules.
This is a 2-machine resource blueprint where the Web tier machine resource can have multiple instances.
In the Terraform Configuration we have connected both machine resources to the awsInstanceId1 and awsInstanceId2 variable inputs. We can see that there is a 3rd slot for a 3rd machine resource if we ever add one to the Cloud Template. In addition, we are also providing a variable for the SG name and some values to add as tag values on the Security Group.
We have created a deployment with a 2-instance Web tier and a 1-instance DB tier machine resource. We can see all the Terraform objects created. Some of these represent AWS ENI attachments, ingress and egress rules, and data objects.
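A minimal Terraform sketch of the object types listed above (security group, rules, instance data lookups and ENI attachments), added here as an example and not taken from the repo linked in this post. Only awsInstanceId1 to awsInstanceId3 are names from the post; sgName, vpcId, sgTags, rules, the list typing of the instance variables and the ingress validation are assumptions, and `alltrue` needs Terraform 0.14 or later.

```hcl
# Added example. Only awsInstanceId1..3 come from the post; other names are assumed.
variable "sgName" { type = string }
variable "vpcId" { type = string }
variable "sgTags" { type = map(string) }
# One slot per machine resource; lists, because a tier can hold several instances.
variable "awsInstanceId1" { type = list(string) }
variable "awsInstanceId2" { type = list(string) }
variable "awsInstanceId3" {
  type    = list(string)
  default = [] # spare slot for a third machine resource
}
variable "rules" {
  type = list(object({
    type      = string # "ingress" or "egress"
    protocol  = string
    from_port = number
    to_port   = number
    cidr      = string
  }))
  validation { # refuse world-open ingress before anything is created
    condition     = alltrue([for r in var.rules : r.type != "ingress" || r.cidr != "0.0.0.0/0"])
    error_message = "Ingress rules must not be open to 0.0.0.0/0."
  }
}
resource "aws_security_group" "sg" {
  name   = var.sgName
  vpc_id = var.vpcId
  tags   = var.sgTags
}
resource "aws_security_group_rule" "rule" {
  for_each          = { for i, r in var.rules : "${r.type}-${i}" => r }
  security_group_id = aws_security_group.sg.id
  type              = each.value.type
  protocol          = each.value.protocol
  from_port         = each.value.from_port
  to_port           = each.value.to_port
  cidr_blocks       = [each.value.cidr]
}
# Look up each existing instance to find its primary network interface (ENI).
data "aws_instance" "target" {
  for_each    = toset(concat(var.awsInstanceId1, var.awsInstanceId2, var.awsInstanceId3))
  instance_id = each.value
}
# Attach the new security group to every ENI found above.
resource "aws_network_interface_sg_attachment" "attach" {
  for_each             = data.aws_instance.target
  security_group_id    = aws_security_group.sg.id
  network_interface_id = each.value.network_interface_id
}
```

Terraform removes the allow-all egress rule that AWS adds to a new VPC security group, so outbound traffic is limited to the egress entries passed in `rules`.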
In our deployment we can also see a lot of outputs provided by the Terraform deployment:
We can also see the Security Group being created:
Final Step
If all went well, go grab a beer.