Supporting other partitions, e.g. GovCloud? #165

Open
lorengordon opened this issue Mar 6, 2021 · 2 comments
Labels
enhancement New feature or request

Comments

lorengordon commented Mar 6, 2021

Hello, I was curious if you had ideas on patterns for how this module might be used or extended to support partitions other than aws? In particular, aws-us-gov, but there is also aws-cn, aws-iso, and aws-iso-b.

Right now, the module has providers aliased with names specific to each region... I suppose we could effectively ignore that? For example, in our root module map a us-gov-west-1 provider to the aliased us-west-1 provider, us-gov-east-1 to us-east-1, and use var.target_regions to scope things to just those two regions...

Or would it make more sense to just add aliased providers for each region in other partitions to this module? Or to somehow create another module or layer of abstraction for each partition?

Owner

nozaq commented Mar 14, 2021

@lorengordon
Mapping different regions to aliases should just work because this module sets up the same resources for aliased providers. I'm afraid adding aliased providers for those partitions, however, would be troublesome because users would be required to provide these aliases even if they don't activate them in their accounts.

Originally I had no plan to support those partitions simply because I haven't had any chance to work with them. I'm happy to discuss if you have any idea or proposal though!
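
The region-to-alias mapping discussed in the two comments above, written out as a root-module configuration. This is an added example, not code from the project or from either commenter: the module source path is a placeholder, and the alias names `aws.us-west-1` / `aws.us-east-1` and the use of alias names as `target_regions` values are assumptions based on the wording of the comments.

```hcl
# Added example. Assumptions: module path (placeholder), alias names,
# and that target_regions is matched against the module's alias names.

# Real GovCloud providers, configured in the root module.
provider "aws" {
  region = "us-gov-west-1"
}

provider "aws" {
  alias  = "us-gov-east-1"
  region = "us-gov-east-1"
}

module "secure_baseline" {
  source = "./path/to/this-module" # placeholder, not the project's real source

  # Scope the baseline to the two aliases that are backed by GovCloud regions.
  target_regions = ["us-west-1", "us-east-1"]

  providers = {
    aws           = aws               # default provider: us-gov-west-1
    aws.us-west-1 = aws               # commercial alias backed by us-gov-west-1
    aws.us-east-1 = aws.us-gov-east-1 # commercial alias backed by us-gov-east-1

    # Per the owner's comment, every other alias the module declares must
    # still be supplied even when unused; pointing each at one of the
    # GovCloud providers above is an assumption, not a tested setup.
  }

  # The module's other required inputs are not shown on this page and are
  # omitted here.
}
```

With this mapping, resource names and logs inside the module still refer to the commercial alias names, so audit output needs to be read with the mapping in mind.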

nozaq added the enhancement label Mar 14, 2021
Author

lorengordon commented Mar 14, 2021

@nozaq With the limitations on using expressions when specifying values for the provider/providers attributes of resources/modules, it is hard to see how to make it work with a single top-level module... I could maybe see how we could have partition-specific modules, each defining all the aliased providers for the regions in each partition. Perhaps the top-level module then becomes a single-region, single-provider wrapper around all the "baseline" modules? Something like:

```
$ tree .
.
└── modules
    ├── baselines
    │   ├── alarm
    │   ├── analyzer
    │   ├── cloudtrail
    │   ├── config
    │   ├── ebs
    │   ├── guardduty
    │   ├── iam
    │   ├── secure-bucket
    │   ├── securityhub
    │   └── vpc
    └── partitions
        ├── aws
        ├── aws-cn
        ├── aws-iso
        ├── aws-iso-b
        └── aws-us-gov
```
