Terraform – Create On-demand AWS Security Group and Attach to Instance in Cloud Assembly (SKKB1060)

In this blog post we are going to look at a Terraform Configuration for a VMware Cloud Assembly Cloud Template that creates an on-demand Amazon Web Services (AWS) Security Group, creates ingress and egress rules, and attaches all machine resource instances to the Security Group.


Update Log:


Although Cloud Assembly has a native Cloud Security Group resource element on the canvas, we can only use it to build Cloud Templates that provision Security Groups on VMware NSX-T. It does not support provisioning Security Groups to AWS. We are going to fill this gap by using the new Terraform functionality in Cloud Assembly.

The Terraform Configuration files and the VMware Cloud Assembly Blueprint are available in the following Gitlab Repo bit.ly/The-Gitlab

Blueprint: tf-aws-ec2-create-security-group-and-attach-to-instance/Blueprint.yaml

Terraform: aws-ec2-create-security-group-and-attach-to-instance/*

Exploring the Cloud Template and Deployment

Let’s examine the Blueprint inputs. Among the standard inputs we need for a multi-tier app, we have defined inputs which we can use to set ingress and egress rules. We can see 2 ingress and 2 egress rules.

This is a 2-machine resource blueprint where the Web tier machine resource can have multiple instances.

In the Terraform Configuration we have connected both machine resources to the awsInstanceId1 and awsInstanceId2 variable inputs. We can see that there is a 3rd slot for a 3rd machine resource if we ever add one to the Cloud Template. In addition we are also providing a variable for the SG name and some values to add as Tag Values in the Security Group.

We have created a deployment with a 2-instance Web Tier and a 1-instance DB Tier machine resource. We can see all the Terraform objects created. Some of these represent AWS ENI Attachments, Ingress and Egress rules, and data objects.
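The wiring described above, as an added example rather than the configuration from the post's repo: the instance ID variables follow the post's awsInstanceId1/awsInstanceId2 names, while var.sgName and var.allowedCidr are assumed, and the group is attached through each instance's primary ENI so the instance keeps the groups it already has.

```hcl
# Added example, not the post's repo code. Assumed: var.sgName, var.allowedCidr.
variable "awsInstanceId1" { type = string }
variable "awsInstanceId2" { type = string }
variable "sgName"         { type = string }
variable "allowedCidr"    { type = string } # a specific range, not 0.0.0.0/0
locals {
  # Drop empty slots so an unused 3rd machine resource does not break the plan.
  instance_ids = compact([var.awsInstanceId1, var.awsInstanceId2])
}

# Data objects: look up each instance to find its primary ENI and subnet.
data "aws_instance" "target" {
  for_each    = toset(local.instance_ids)
  instance_id = each.value
}
data "aws_subnet" "target" {
  id = data.aws_instance.target[local.instance_ids[0]].subnet_id
}
resource "aws_security_group" "app" {
  name        = var.sgName
  description = "On-demand SG created by Cloud Assembly Terraform"
  vpc_id      = data.aws_subnet.target.vpc_id
  tags        = { Name = var.sgName, ManagedBy = "CloudAssembly" }
}

# Ingress: only HTTPS, only from the allowed range; no default-open rule.
resource "aws_security_group_rule" "ingress_https" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [var.allowedCidr]
  security_group_id = aws_security_group.app.id
}
# Egress: limit to what the tier needs instead of allowing all traffic out.
resource "aws_security_group_rule" "egress_https" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.app.id
}

# ENI attachment: add the SG to each instance's primary network interface
# without replacing the security groups the instance already carries.
resource "aws_network_interface_sg_attachment" "attach" {
  for_each             = data.aws_instance.target
  security_group_id    = aws_security_group.app.id
  network_interface_id = each.value.network_interface_id
}
```

Because the rules are separate aws_security_group_rule resources, each one shows up as its own object in the Cloud Assembly deployment view, which is what makes the ingress and egress inputs auditable per rule.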

In our deployment we can also see a lot of outputs provided by the Terraform deployment:

We can also see the Security Group being created:



Final Step

If all went well, go grab a beer.

