Ho, I have a Terraform question… if I need to create two modules which use the same security group (it doesn't exist, I should create it first)… what's the right approach, create a separate module for the security group and rely on it? Or something else?
Yes, create a separate module that manages the security group, or you can use one that was already created: https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest. Also, you can create that SG in one of the modules and output the id, then pass that SG id to the other module. But it depends on the use case you have.
Thanks, I'll tell you exactly the use case… I deploy many SQL servers that use the same security group… the first deploy works perfectly, but the second deploy returns an error that the SG already exists… this is what I'm trying to resolve and manage with best practices.
Make the creation of the SG optional: if the SG id is provided, it will use it; if not, it will create it.
But it would be better to extract the SG creation outside of the servers and provide it as a value to the module.
However, I consider this to be a bad approach, since every SQL server should have its own security group and rules.
This way, when you delete one, it will not interact with the others.
The same if you change the SG rules to provide access to temporary sources or ports: the change will not be applied to all servers at once. Having an individual SG with the server itself can allow A/B testing approaches when working on new features that require changes in SG rules, and so on.
Having only one SG will make all servers dependent on that SG and indirectly on one another.
Unless this is an autoscaling behaviour.
Thanks. I hear you. That means I will end up with many duplicate SGs… Are you sure this is the best practice?
I don't say that this is the best solution. What I usually do is make resources independent. You said you create many SQL servers. What applications will have access to them? Are they all in the same project? Are they part of multiple projects? Do they need to have the same permissions? If you have doubts, start with one external SG and later you can change to creating one SG per SQL server. In AWS you have a max limit of 2500 SGs per VPC.
Yes, thanks… it's all clear… all the SQL servers are on the same project.