https://pulumi.com logo
#general
Title
# general
b

bored-river-53178

07/17/2019, 8:24 AM
Is there any existing module or example creating security groups from some simple yaml or json configuration?
b

broad-dog-22463

07/17/2019, 8:53 AM
Hi @bored-river-53178, I am not sure what you mean by YAML or JSON - we do not support either of those syntax types
b

bored-river-53178

07/17/2019, 8:58 AM
yes, I know, it's not about the syntax, I was just looking for some simple solution to store security groups configuration in yaml, like that:
Copy code
sg1:
  ingress:
    ports:
      - udp: 5000-5100, 5200
    addresses:
      - 10.0.0.0/24
      - 192.168.0.0/24

sg2:
 ...
it's pretty easy to implement with pulumi, just was looking for existing library or something like that
defining each security group via code always seems too verbose for my tastes
b

better-rainbow-14549

07/17/2019, 9:04 AM
i tend to simplify the interesting parts into an array and then just have a loop that expands it to the full definitions
but of course you could read from a config json or whatever
b

broad-dog-22463

07/17/2019, 9:14 AM
Oh now I see what you mean - there are no official examples that cover that type of thing
FWIW I am going to be spending a little time trying to make the SGs a little nicer to use - I agree that they can be a little painful sometimes :)
b

bored-river-53178

07/17/2019, 9:15 AM
that's great to hear, thanks!
b

broad-dog-22463

07/17/2019, 9:16 AM
When I put together an issue that describes what I want to do, I will let you know
Feel free to DM with any ideas you think you have about a nice simple interface for this
b

bored-river-53178

07/17/2019, 9:23 AM
Am I correct that currently the existing security group related functions cannot take the list of ports as an argument? It looks like the only option is to provide fromPort and toPort, not a list of ports/ranges
and it looks like it is also true for awsx module
b

broad-dog-22463

07/17/2019, 9:26 AM
I believe so
b

bored-river-53178

07/17/2019, 9:27 AM
it's already possible to provide the list of cidrBlocks, would be nice to have an ability to also provide lists of ports (or ranges) with the standard implementation, something like { tcp: [ 22, 8000-8080], udp: []...}
I decided to use configuration like this one in my projects, will write a simple wrapper around standard pulumi security group functions
after some flattening it produces this json, it would be great to have an option to use such object as an input to pulumi sg functions