Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
n
nutritious-battery-42762
04/04/2022, 2:24 PMI really wanted to have my database in a separate stack but it seems that'll only cause issues
m
millions-furniture-75402
04/04/2022, 3:09 PMYou can have your database in a separate stack.
You probably want to have this stack modify the security rules of the security group declared by the database stack.
pulumi
.all([appSecurityGroup.id, sharedDbSecurityGroupId])
.apply(async ([appSecurityGroupId, sharedDbSecurityGroupId]) => {
const sharedDbSecurityGroup = awsx.ec2.SecurityGroup.fromExistingId("shared-db-sg", sharedDbSecurityGroupId, {
vpc: vpc.vpc,
});
awsx.ec2.SecurityGroupRule.ingress(
`${appName}-db-sg-rule-ingress`,
sharedDbSecurityGroup,
{
sourceSecurityGroupId: appSecurityGroupId,
},
new awsx.ec2.TcpPorts(3306),
`For ${appName}`,
);
});l
little-cartoon-10569
04/04/2022, 9:24 PMIf it makes sense to have the database in a separate stack, then it should be in a separate project. If a resource ( e.g. a security group rule) is strongly logically coupled to another resource (e.g. a database), then ideally it would be in the same project and stack. Note that a security group rule might not be strongly logically coupled to its security group, depending on your programs' architecture. A rule just need a security group ID, which does not always imply a logical coupling.