EC2: Security Groups lookup by Owner #30331
Comments
eschirle
added
feature-request
github-actions
bot
added
the
@aws-cdk/aws-ec2
|
I created a PR with a possible solution for this #30334 |
khushail
added
investigating
|
@eschirle , this makes sense to me. Thanks for reporting and volunteering for PR contribution ! |
khushail
added
effort/small
Hi @khushail - I made some updates to the PR today and marked it as ready for review. I was able to run unit tests and integration tests in my development environment but I think it needs some additional changes to pass validation. |
|
Comments on closed issues and PRs are hard for our team to see. |
1 similar comment
|
Comments on closed issues and PRs are hard for our team to see. |
Closes aws#30331. This will improve the security group lookup functionality for importing existing security groups into a CDK stack. I added the ability to lookup existing security groups via more filters. Filters are supported by the [DescribeSecurityGroups API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html), and using these filters can be immensely useful for looking up existing security groups, especially if your account or organization follows predictable rules regarding things like security group tags. I added unit tests similar to the ones that test the normal lookup by ID or name. - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Describe the feature
SecurityGroup.fromLookupByName() provides an option for looking up a security group by name - but this fails if multiple SGs are found with the provided name.
This feature is for the ability to filter security groups by Owner as well.
Use Case
I have a use case where I'd like to use a Baseline SecurityGroup for Lambda Functions that are a part of a custom construct to avoid creating a new SG and using up more Hyperplane ENIs. I can lookup by name "BaselineSecurityGroup", but my VPC is shared across multiple micro accounts, and so multiple SecurityGroups are returned.
This feature would include the option to filter SecurityGroups by SecurityGroupName and Owner, so that I can grab the SG when there are multiple with the same name in a single VPC.
Proposed Solution
Either adding an optional owner input to
fromLookupByNameor add a new methodfromLookupByNameAndOwnerin security-group.tspublic static fromLookupByName(scope: Construct, id: string, securityGroupName: string, vpc: IVpc, owner?: string) { return this.fromLookupAttributes(scope, id, { securityGroupName, vpc, owner }); }Other Information
No response
Acknowledgements
CDK version used
2.142.0
Environment details (OS name and version, etc.)
N/A
The text was updated successfully, but these errors were encountered: