https://pulumi.com logo
Powered by
#aws
Title
# aws
b

breezy-laptop-42679

08/12/2022, 2:29 PM
Copy code
const allowPostgresSgRule =
      env === 'prod' &&
      tfCCCRdsPostgresSg &&
      new aws.ec2.SecurityGroupRule('ccc-postgres-access-rule', {
        type: 'ingress',
        fromPort: 5432,
        toPort: 5432,
        protocol: 'tcp',
        sourceSecurityGroupId: sg.id,
        securityGroupId: tfCCCRdsPostgresSg.id,
      });
   // NOTE: Sunguard GP VPN
   const allowLocalAccessGPSgRule = new aws.ec2.SecurityGroupRule('allow-gp-access-rule', {
    type: 'ingress',
    fromPort: 5432,
    toPort: 5432,
    protocol: 'tcp',
    cidrBlocks: ['XXX.XX.0.0/19'],
    securityGroupId: XXXXXRdsPostgresSg.id,
  });
  // NOTE: Bethpage GP VPN
  const allowLocalAccessGPBPSgRule = new aws.ec2.SecurityGroupRule('allow-gp-bp-access-rule', {
    type: 'ingress',
    fromPort: 5432,
    toPort: 5432,
    protocol: 'tcp',
    cidrBlocks: ['XXX.XX.X.0/24'],
    securityGroupId: XXXXRdsPostgresSg.id,
  });
l

little-cartoon-10569

08/14/2022, 8:36 PM
Are you saying that when you use 
allowPostgresSgRule
later, its value is possibly undefined? Because it is. You're conditionally creating it.
If env isn't 
prod
or tfCCCRdsPostgresSg is falsy, then allowPostgresSgRule will be undefined.
Can I suggest changing that to use more traditional if-statements? Or maybe just not make it conditional? SGs are free, just make it no matter what.
Powered by