https://pulumi.com logo
#aws
Title
# aws
l

little-cartoon-10569

06/28/2020, 9:20 PM
Are there pre-built security groups with well-known rules and rule groups? Like the Terraform "aws security-group" module? I'd like a shortcut for creating the security group needed for EC2 instances to join an AD domain, and there's about 16 well-known rules needed...
g

gentle-diamond-70147

06/28/2020, 9:32 PM
I'm not aware of a community module for this. This should be really straightforward with something like below:
Copy code
const adSg = new aws.ec2.SecurityGroup("ad", {
    vpcId: vpc.id, 
    egress: [
      // your rules here
    ]
});
I'm curious... what does the Terraform security-group module provide in addition to this?
l

little-cartoon-10569

06/28/2020, 10:08 PM
Named port/protocol combinations (e.g.
activemq-5671-tcp
and
activemq-61614-tcp
), and named rule groups (e.g.
activemq
), and a couple of snart wrappers.
So you can create things like an ingress activemq security group in about 10 lines.
ActiveMQ only needs (iirc) 5 rules.. AD is much bigger, needs about 16 egress rules for the Domain members. Fortunately, just creating an AD directory creates the equivalent ingress security group for the controller.
Is there a usual way to contribute community modules? I need to create two ComponentResources for AD, and the "member" one might be big enough to save someone else some effort. There's a security group, all the rules, the SSM document and the IAM stuff needed to use it.
l

loud-battery-37784

06/29/2020, 1:36 PM
I haven’t looked deeply yet but does the
awsx
package have some of what you need? https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ec2/#security-groups