I have an interesting challenge to manage an AWS ASG security group from different root modules.
The security group (controlling the application traffic) is created during creation of the ASG.
In additional Terraform modules I start the services on the ASG (it's a Nomad cluster) and create an AWS Network Load Balancer to access the workload. For the NLB I need to manage the client rules on the same security group. For a single stage this is not an issue.
I struggle with running a multistage setup using the same ASG, as the creation of the same rules (different NLB but same CIDR blocks, same source port) will cause conflicts with existing rules.
I have already looked for a security_group data source that returns the current firewall rule list, but it seems this does not exist.
I also don’t see a possibility to attach additional security groups in a later step to the ASG without interfering with the root asg module.
Does anyone have an idea how to get similar firewall rules created without causing conflicts?