TL;DR: Can I do a data "aws_security_group_ids" lookup on a security group in another account?
I have a module which requires the user to know about security groups in other accounts to act as source security groups:
resource "aws_security_group_rule" "ssh_group" {
.
.
.
source_security_group_id = source_security_group_id = var.sg_instance_ingress_allow_ssh_sg_id
}
that ID looks like : "<another_account_id>/<security_group_id>"
Is it possible to look this up using a data lookup? I know I can set a different AWS provider for the other account, but then how would I pass the account_name/sg-id argument to the security group rule?
It seems reasonable to me that the developer of the module has knowledge of both accounts, but not that the user of the module should have such knowledge. It also does not seem reasonable to set default values for this variable, or hardcode it into the module.
What’s a poor devop to do in this situation? Teach me your tricks!
Thanks!
Bruce