
tldr;

Need to import a security group and a subnet given either a couple tags OR a known resource group.


For a SecurityGroup and a Subnet I've created a resource group given this Terraform module definition:

```hcl
# Resource group collecting the security groups and subnets that carry both tags.
resource "aws_resourcegroups_group" "private_networking" {
  name = "us-blog-private-networking"

  resource_query {
    # Tag values are strings, so the "Private" filter value is quoted.
    query = <<JSON
{
  "ResourceTypeFilters": [
    "AWS::EC2::SecurityGroup",
    "AWS::EC2::Subnet"
  ],
  "TagFilters": [
    {
      "Key": "Property",
      "Values": ["us-blog-production"]
    },
    {
      "Key": "Private",
      "Values": ["true"]
    }
  ]
}
JSON
  }
}
```

The fact that neither SecurityGroup nor Subnet would get fromXXAttributes methods allowing tagging made me create a resource group.

Then I'm trying to find a way to fetch these resources and get a reference. I'd expect an L2 construct API for resourcegroups but only L1 is available.

All I got is CfnGroup, which wouldn't have a static method to fetch the group.

I'd like to avoid having to hardcode networking element IDs or going redundant creating SSM parameters with such.

What's the most appropriate approach?

diegoaguilar
  • Can you explain more clearly what you want to achieve? You want to apply tags to existing resources? CDK cannot do that natively, as imported resources cannot be modified. – gshpychka Jun 06 '22 at 16:16
  • @gshpychka I want to import a security group and a subnet given either a couple tags OR a known resource group – diegoaguilar Jun 06 '22 at 16:24
  • That's not available in CDK, you can only reference a subnet or a SG by ID. You can also use API calls to look up an SG by name. – gshpychka Jun 06 '22 at 16:42
  • Can you offer an example for API calls with CDK? – diegoaguilar Jun 06 '22 at 16:45
  • I was referring to `SecurityGroup.fromLookupByName`, which does an API call and caches the result. – gshpychka Jun 06 '22 at 16:54
  • Oh right. So long story short this is either create a custom ... CF stack which makes it more complex OR create SSM parameters with the ids and then it'd be easy to get the ids and use lookup methods – diegoaguilar Jun 06 '22 at 16:56
  • Right but parameters can be more agnostic and descriptive. – diegoaguilar Jun 06 '22 at 17:02

0 Answers