Specify an existing security group as model config?

[Nicholas Skaggs]

Marco, we have done a POC of this in the past as a model constraint. So,

juju bootstrap aws aws --constraints security-groups=sg1,sg2
juju set-model-constraints security-groups=sg1,sg2,...

How does that feel?

Nicholas

On Sat, Jan 13, 2018 at 1:08 AM, Kapil Thangavelu <kapilt at gmail.com> wrote:

> two cents, typical real world requirements vary, in the enterprise you
> might have various tiering by architectural layer (front end waf elb
> ingress, waf servers, set of dmz components/web servers, set of app
> servers, set of dbs) all structured out with connectivity models. typically
> these map to a m:n on security group basis to service model, based on the
> model's responsibilities and consumers.
>
> On Fri, Jan 12, 2018 at 8:09 AM, Mark Shuttleworth <mark at ubuntu.com>
> wrote:
>
>> On 12/22/2017 03:03 AM, Marco Ceppi wrote:
>> > When it comes to scaling operations this can be tedious. I know there
>> > are configurations for VPC-ID - is there also a similar security-group
>> > setting where either the default model SG will be set based on user
>> > input instead of created or a setting where an additional "model"
>> > security group can be set so instances have it in addition to the
>> > model/instance security group?
>>
>> I think it makes sense that the model creation process might accept such
>> a parameter, yes.
>>
>> Does a security group per model make sense, or should it be per
>> application in the model (though that sounds like it might be wasteful).
>>
>> Mark
>>
>> --
>> Juju mailing list
>> Juju at lists.ubuntu.com
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm
>> an/listinfo/juju
>>
>
>
> --
> Juju mailing list
> Juju at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/juju
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20180117/d487e518/attachment.html>