
Is it possible to create two security groups in two different accounts and reference one of them in the egress rules of the other using Terraform, in one code file?

For instance, if we have two VPCs A and B, I want to create two security groups, one in each of the VPCs, and reference security group A in the egress of security group B.

The main issue I am facing is that I have two different deployer roles, and I am not sure how to use them in a single Terraform TF file.

PS: The VPCs are peered.

Thanks in advance.

Ash Panwar

1 Answer

Yes, this is possible using multiple provider definitions with the alias attribute, and referring to them when defining the resources:

provider "aws" {
  // Default provider: used by every resource that does not set `provider`.
  region = "eu-west-1"
}

provider "aws" {
  // Second account, selected here via a named credentials profile; an
  // assume_role block works the same way when the account is reached
  // through a deployer role instead of a profile.
  region  = "us-east-1"
  profile = "other-account"
  alias   = "other"
}

resource "aws_vpc" "this" {
  // The aliased provider is referenced as an identifier, not a quoted string
  // (the quoted form "aws.other" is legacy 0.11 syntax and is rejected by
  // current Terraform).
  provider = aws.other
  // ..
}
StephenKing
  • While it is roughly the same approach, it would be better if this answer showed how to use multiple AWS _accounts_ instead of regions. Using either profiles or assuming roles (showing both would be great) is a bit different to region selection. – ydaetskcoR Sep 26 '18 at 13:54
  • Ah, thanks for the hint, reminded me so much of my solution that I forgot to adjust it. – StephenKing Sep 26 '18 at 13:58
  • Pretty sure you still need the `alias` parameter on the non-default AWS provider. And a link to the provider configuration docs would be cool too. – ydaetskcoR Sep 26 '18 at 15:08
  • This approach was really handy to get `aws_caller_identity` to resolve to the original IAM user and not the assumed role, so that I could tag resources with the user who actually created them. – steinybot Jul 12 '19 at 08:17
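As an added worked example (not part of the answer above or of the original question), here is the full shape of what the question asks for: one aliased provider per account, each assuming that account's deployer role, a security group in each VPC, and an egress rule on B's group that references A's group across the peering connection the question says already exists (so the peering resources are omitted). Account IDs, role names, CIDRs and the port are placeholders. The `<account-id>/<sg-id>` form in `source_security_group_id` is, to my understanding, how the AWS provider passes the owning account alongside a group ID that lives in another account; treat that and the provider version pin as assumptions to verify against the provider docs for your version.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0" # assumed pin; any 0.12+-syntax provider works
    }
  }
}

// One aliased provider per account. Each assumes that account's deployer
// role from whatever credentials Terraform itself is started with (e.g. a
// CI role). Account IDs and role names below are placeholders.
provider "aws" {
  alias  = "a"
  region = "eu-west-1"
  assume_role {
    role_arn     = "arn:aws:iam::111111111111:role/deployer"
    session_name = "terraform-account-a"
  }
}

provider "aws" {
  alias  = "b"
  region = "eu-west-1" // same region as A; see usage note on cross-region peering
  assume_role {
    role_arn     = "arn:aws:iam::222222222222:role/deployer"
    session_name = "terraform-account-b"
  }
}

// Resolves to the *assumed* account in each case, which is the owner ID the
// cross-account group references below need.
data "aws_caller_identity" "a" {
  provider = aws.a
}

data "aws_caller_identity" "b" {
  provider = aws.b
}

resource "aws_vpc" "a" {
  provider   = aws.a
  cidr_block = "10.0.0.0/16" // placeholder
}

resource "aws_vpc" "b" {
  provider   = aws.b
  cidr_block = "10.1.0.0/16" // placeholder
}

resource "aws_security_group" "a" {
  provider    = aws.a
  name        = "sg-a"
  description = "Service side, account A"
  vpc_id      = aws_vpc.a.id
}

resource "aws_security_group" "b" {
  provider    = aws.b
  name        = "sg-b"
  description = "Client side, account B"
  vpc_id      = aws_vpc.b.id
}

// Egress from B limited to members of SG A rather than to A's whole CIDR.
// A group owned by another account is referenced as "<account-id>/<sg-id>";
// a bare sg-id would be resolved inside account B and not be found.
resource "aws_security_group_rule" "b_to_a" {
  provider                 = aws.b
  type                     = "egress"
  security_group_id        = aws_security_group.b.id
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
  source_security_group_id = "${data.aws_caller_identity.a.account_id}/${aws_security_group.a.id}"
}

// The matching ingress on A, admitting only members of B's group.
resource "aws_security_group_rule" "a_from_b" {
  provider                 = aws.a
  type                     = "ingress"
  security_group_id        = aws_security_group.a.id
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
  source_security_group_id = "${data.aws_caller_identity.b.account_id}/${aws_security_group.b.id}"
}
```

Two practical checks before relying on this: the deployer roles must each trust the principal Terraform starts as, and that principal needs `sts:AssumeRole` on both role ARNs, otherwise `terraform plan` fails at provider initialisation for the account it cannot reach. And security-group references across a peering connection have historically required both VPCs to be in the same region, which is why both providers above use `eu-west-1` even though the answer's snippet uses two regions; if your peering is cross-region, confirm in the current VPC peering documentation that group referencing is supported for it before replacing CIDR-based rules with group references.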