Resource: awsNetworkInterfaceSgAttachment
This resource attaches a security group to an Elastic Network Interface (ENI). It can be used to attach a security group to any existing ENI, be it a secondary ENI or one attached as the primary interface on an instance.
~> NOTE on instances, interfaces, and security groups: Terraform currently provides the capability to assign security groups via the awsInstance and the awsNetworkInterface resources. Using this resource in conjunction with security groups provided in-line in those resources will cause conflicts, and will lead to spurious diffs and undefined behavior - please use one or the other.
Example Usage
The following provides a very basic example of setting up an instance (provided by instance) in the default security group, creating a security group (provided by sg) and then attaching the security group to the instance's primary network interface via the awsNetworkInterfaceSgAttachment resource, named sgAttachment:
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";
// `this` below is the enclosing construct scope (for example, a stack class).
// Security group that will be attached through the attachment resource.
const awsSecurityGroupSg = new aws.securityGroup.SecurityGroup(this, "sg", {
  tags: {
    type: "terraform-test-security-group",
  },
});
const dataAwsAmiAmi = new aws.dataAwsAmi.DataAwsAmi(this, "ami", {
  filter: [
    {
      name: "name",
      values: ["amzn-ami-hvm-*"],
    },
  ],
  mostRecent: true,
  owners: ["amazon"],
});
// No in-line security groups are set, so the instance starts in the default security group.
const awsInstanceInstance = new aws.instance.Instance(this, "instance", {
  ami: dataAwsAmiAmi.id,
  instanceType: "t2.micro",
  tags: {
    type: "terraform-test-instance",
  },
});
// Attach the security group to the instance's primary network interface.
new aws.networkInterfaceSgAttachment.NetworkInterfaceSgAttachment(
  this,
  "sg_attachment",
  {
    networkInterfaceId: awsInstanceInstance.primaryNetworkInterfaceId,
    securityGroupId: awsSecurityGroupSg.id,
  }
);
In this example, instance is provided by the awsInstance data source, fetching an external instance, possibly not managed by Terraform. sgAttachment then attaches to the output instance's networkInterfaceId:
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";
// `this` below is the enclosing construct scope (for example, a stack class).
const awsSecurityGroupSg = new aws.securityGroup.SecurityGroup(this, "sg", {
  tags: {
    type: "terraform-test-security-group",
  },
});
// Look up an existing instance by ID; it may not be managed by Terraform.
const dataAwsInstanceInstance = new aws.dataAwsInstance.DataAwsInstance(
  this,
  "instance",
  {
    instanceId: "i-1234567890abcdef0",
  }
);
// Attach the security group to the network interface reported by the data source.
new aws.networkInterfaceSgAttachment.NetworkInterfaceSgAttachment(
  this,
  "sg_attachment",
  {
    networkInterfaceId: dataAwsInstanceInstance.networkInterfaceId,
    securityGroupId: awsSecurityGroupSg.id,
  }
);
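The conflict described in the NOTE above (an attachment pointed at an instance or interface that also sets security groups in-line) can be checked for before apply. The following is an added example, not part of the provider documentation: it scans the resources under configuration.root_module.resources in the output of terraform show -json for a plan file, using the Terraform resource and argument names that appear there. The function name, types and sample data are assumptions constructed for illustration.

```typescript
// Added example: report sg attachments whose target also sets security groups in-line.
// Input: resources from configuration.root_module.resources of `terraform show -json <plan>`.
type Expr = { references?: string[]; constant_value?: unknown };
type ConfigResource = { address: string; type: string; expressions?: Record<string, Expr> };
type Conflict = { attachment: string; target: string; inlineArgument: string };

// In-line security group arguments (Terraform names) of the two resources the NOTE mentions.
const INLINE_SG_ARGS: Record<string, string[]> = {
  aws_instance: ["vpc_security_group_ids", "security_groups"],
  aws_network_interface: ["security_groups"],
};

function findSgAttachmentConflicts(resources: ConfigResource[]): Conflict[] {
  const byAddress = new Map<string, ConfigResource>();
  for (const r of resources) byAddress.set(r.address, r);
  const conflicts: Conflict[] = [];
  for (const att of resources) {
    if (att.type !== "aws_network_interface_sg_attachment") continue;
    const refs = att.expressions?.network_interface_id?.references ?? [];
    // References list both "type.name.attr" and "type.name"; reduce to unique "type.name".
    const targets = Array.from(new Set(refs.map((ref) => ref.split(".").slice(0, 2).join("."))));
    for (const address of targets) {
      const target = byAddress.get(address);
      if (!target) continue; // data source or literal ENI ID: nothing to compare
      for (const arg of INLINE_SG_ARGS[target.type] ?? []) {
        if (target.expressions && arg in target.expressions) {
          conflicts.push({ attachment: att.address, target: address, inlineArgument: arg });
        }
      }
    }
  }
  return conflicts;
}

// Constructed sample (not from a real plan).
const sgRef: Expr = { references: ["aws_security_group.sg.id", "aws_security_group.sg"] };
const eniOf = (name: string): Expr => ({ references: [`aws_instance.${name}.primary_network_interface_id`, `aws_instance.${name}`] });
const sampleConfig: ConfigResource[] = [
  { address: "aws_instance.instance", type: "aws_instance", expressions: { vpc_security_group_ids: sgRef } },
  { address: "aws_instance.clean", type: "aws_instance", expressions: { instance_type: { constant_value: "t2.micro" } } },
  { address: "aws_network_interface_sg_attachment.sg_attachment", type: "aws_network_interface_sg_attachment",
    expressions: { network_interface_id: eniOf("instance"), security_group_id: sgRef } },
  { address: "aws_network_interface_sg_attachment.ok", type: "aws_network_interface_sg_attachment",
    expressions: { network_interface_id: eniOf("clean"), security_group_id: sgRef } },
];

console.log(findSgAttachmentConflicts(sampleConfig));
```

Only the root module is inspected, and targets declared with count or for_each, or inside child modules, would need extra handling.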
Argument Reference
securityGroupId - (Required) The ID of the security group.
networkInterfaceId - (Required) The ID of the network interface to attach to.
Attributes Reference
No additional attributes are exported.
Import
Network Interface Security Group attachments can be imported using the associated network interface ID and security group ID, separated by an underscore (_).
For example: