
refactor(terraform): decouple Security Groups into own Terraform root — Layer 1 #274

Description

@bhumi46

Part of #273

What

Extract all security group definitions (nginx, control-plane, etcd, worker) out of aws-resource-creation into a standalone Terraform root with its own state file.

Why

Currently all 4 node-type security groups are passed as one combined variable blob into aws-resource-creation. Any SG rule change requires a full plan across EC2 and DNS resources.

Acceptance Criteria

  • security-groups component is a standalone Terraform root under terraform/implementations/aws/security-groups/
  • Each node type (nginx, control-plane, etcd, worker) has its own aws_security_group resource
  • State is isolated — SG changes do not touch EC2 or DNS state
  • Downstream components (ec2) look up SG IDs via data "aws_security_group" by tag
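
A sketch of the layout these criteria describe, added here as an illustration and not taken from the repository. The variable names, the `Cluster`/`NodeType` tag keys and the single etcd rule are assumptions; the two parts live in separate roots with separate state files.

```hcl
# --- security-groups root: terraform/implementations/aws/security-groups/ ---
# (own state file; variable names and tag keys below are assumed)
variable "vpc_id" { type = string }
variable "cluster_name" { type = string }

locals {
  node_types = ["nginx", "control-plane", "etcd", "worker"]
}

# One aws_security_group instance per node type, each with its own state
# address (aws_security_group.node["etcd"], ...), tagged for lookup.
resource "aws_security_group" "node" {
  for_each    = toset(local.node_types)
  name        = "${var.cluster_name}-${each.key}"
  description = "Security group for ${each.key} nodes"
  vpc_id      = var.vpc_id

  tags = {
    Cluster  = var.cluster_name
    NodeType = each.key
  }
}

# Rules stay in this root, so changing one plans only SG resources.
# Constructed example rule: etcd client port open to control-plane only.
resource "aws_vpc_security_group_ingress_rule" "etcd_from_control_plane" {
  security_group_id            = aws_security_group.node["etcd"].id
  referenced_security_group_id = aws_security_group.node["control-plane"].id
  ip_protocol                  = "tcp"
  from_port                    = 2379
  to_port                      = 2379
}

# --- downstream ec2 root (separate state, declares the same two variables) ---
# Lookup by tag instead of receiving SG definitions as a variable blob.
# Scoping by vpc_id and both tags keeps the match to exactly one group.
data "aws_security_group" "worker" {
  vpc_id = var.vpc_id
  tags = {
    Cluster  = var.cluster_name
    NodeType = "worker"
  }
}

# Consumed on the instance as:
#   vpc_security_group_ids = [data.aws_security_group.worker.id]
```

The `aws_security_group` data source fails at plan time unless exactly one group matches, so the tag pair must be unique within the VPC. Because the lookup trusts tags, permission to tag security groups in that VPC effectively decides which group the EC2 nodes receive.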

Labels: enhancement