Terraform – Create On-demand AWS Security Group and Attach to Instance in Cloud Assembly (SKKB1060)

In this blog post we are going to look at a Terraform Configuration for a VMware Cloud Assembly Cloud Template that creates an on-demand Amazon Web Services (AWS) Security Group, creates ingress and egress rules, and attaches all machine resource instances to the Security Group.

 

Introduction

Although Cloud Assembly has a native Cloud Security Group resource element on the canvas, we can only use it to build Cloud Templates that provision Security Groups on VMware NSX-T. It does not support provisioning Security Groups to AWS. We are going to fill this gap by using the new Terraform functionality in Cloud Assembly.

The Terraform Configuration files and the VMware Cloud Assembly Blueprint are available in the following GitLab repo: bit.ly/The-Gitlab

Blueprint: tf-aws-ec2-create-security-group-and-attach-to-instance/Blueprint.yaml

Terraform: aws-ec2-create-security-group-and-attach-to-instance/*

Exploring the Cloud Template and Deployment

Let’s examine the Blueprint inputs. Among the standard inputs we need for a multi-tier app, we have defined inputs which we can use to set ingress and egress rules. We can see 2 ingress and 2 egress rules.

This is a 2-machine resource blueprint where the Web tier machine resource can have multiple instances.

In the Terraform Configuration we have connected both machine resources to the awsInstanceId1 and awsInstanceId2 variable inputs. We can see that there is a 3rd slot for a 3rd machine resource if we ever add one to the Cloud Template. In addition, we are also providing a variable for the SG name and some values to add as Tag Values in the Security Group.

We have created a deployment with a 2-instance Web tier and a 1-instance DB tier machine resource. We can see all the Terraform objects created. Some of these represent AWS ENI Attachments, Ingress and Egress rules, and data objects.
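The shape of configuration the two paragraphs above describe (instance ID inputs, data lookups, rules, ENI attachments), as an added example that is not the code from the repo. Only awsInstanceId1 and awsInstanceId2 are names from the post; sgName, sgRules, the resource labels, the list-typed instance inputs and the 80/443 validation policy are assumptions made for illustration.

```hcl
# Added example, not the repo's code; names other than awsInstanceId1/2 are assumed.
variable "awsInstanceId1" { type = list(string) } # assumed: list of instance IDs
variable "awsInstanceId2" { type = list(string) }
variable "sgName" { type = string }
variable "sgRules" {
  type = list(object({ type = string, port = number, protocol = string, cidr = string }))
  validation {
    # Assumed policy: reject world-open ingress on anything other than 80/443.
    condition = alltrue([for r in var.sgRules :
      r.type != "ingress" || r.cidr != "0.0.0.0/0" || contains([80, 443], r.port)])
    error_message = "Ingress from 0.0.0.0/0 is only accepted on ports 80 and 443."
  }
}

locals { instance_ids = toset(concat(var.awsInstanceId1, var.awsInstanceId2)) }

# Data objects: resolve each instance to its primary ENI and subnet.
data "aws_instance" "vm" {
  for_each    = local.instance_ids
  instance_id = each.value
}
data "aws_subnet" "first" {
  id = values(data.aws_instance.vm)[0].subnet_id
}

resource "aws_security_group" "ondemand" {
  name   = var.sgName
  vpc_id = data.aws_subnet.first.vpc_id
  tags   = { Name = var.sgName }
}

# One rule resource per entry; type is "ingress" or "egress".
resource "aws_security_group_rule" "rule" {
  count             = length(var.sgRules)
  type              = var.sgRules[count.index].type
  security_group_id = aws_security_group.ondemand.id
  from_port         = var.sgRules[count.index].port
  to_port           = var.sgRules[count.index].port
  protocol          = var.sgRules[count.index].protocol
  cidr_blocks       = [var.sgRules[count.index].cidr]
}

# Attach the group to every instance's primary network interface.
resource "aws_network_interface_sg_attachment" "attach" {
  for_each             = data.aws_instance.vm
  security_group_id    = aws_security_group.ondemand.id
  network_interface_id = each.value.network_interface_id
}
```

Terraform removes the default allow-all egress rule from Security Groups it creates in a VPC, so outbound traffic is limited to the egress entries passed in.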

In our deployment we can also see a lot of outputs provided by the Terraform deployment:

We can also see the Security Group being created:

Final Step

If all went well, go grab a beer.
