No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Is there any existing module or example creating security groups from some simple yaml or json configuration?

Hi <@UKA1VMF5Z>, I am not sure what you mean by YAML or JSON - we do not support either of those syntax types

yes, I know, it's not about the syntax, I was just looking for some simple solution to store security groups configuration in yaml, like that:

`sg1:
  ingress:
    ports:
      - udp: 5000-5100, 5200
    addresses:
      - 10.0.0.0/24
      - 192.168.0.0/24

sg2:
 ...`

it's pretty easy to implement with pulumi, just was looking for existing library or something like that

defining each security group via code always seems too verbose for my tastes

i tend to simplify the interesting parts into an array and then just have a loop that expands it to the full definitions

but of course you could read from a config json or whatever

Oh now I see what you mean - there are no official examples that cover that type of thing

FWIW I am going to be spending a little time trying to make the SGs a little nicer to use - I agree that they can be a little painful sometimes :)

When I put together an issue that describes what I want to do, I will let you know

Feel free to DM with any ideas you think you have about a nice simple interface for this

Am I correct that currently the existing security group related functions cannot take the list of ports as an argument? It looks like the only option is to provide fromPort and toPort, not a list of ports/ranges

and it looks like it is also true for awsx module

it's already possible to provide the list of cidrBlocks, would be nice to have an ability to also provide lists of ports (or ranges) with the standard implementation, something like { tcp: [ 22, 8000-8080], udp: []...}

image.png

I decided to use configuration like this one in my projects, will write a simple wrapper around standard pulumi security group functions

after some flattening it produces this json, it would be great to have an option to use such object as an input to pulumi sg functions