After a while I stumbled across the VPC section in http://www.jclouds.org/documentation/userguide/using-ec2/ which states that the VPC and security groups are mutually exclusive but I don't believe this is the case anymore.
I've had a bit of a dig through the code and lost myself a few times but it looks like the interface to make calls to create a security group with VPC specified already exists in the aws-ec2 provider.
I'm wondering if there are docs/discussions where this has been talked about?
I think when a non-VPC instance is created, passing the name of a security group that doesn't exist, the group is automatically created by AWS as part of the same call that creates the instance. For a VPC security group it seems like the group would have to be created manually by jclouds code first, the id retrieved and then passed as an option into the instance creation details. I was originally thinking about doing this in the code that chooses not to supply security group names when a subnet id is detected, using the subnet id to get the VPC id needed to create the new security group. This seems a bit wrong though as the code is more about building up options for the create instance call to AWS.
Maybe the right thing is to be explicitly creating VPC security groups in pallet and making sure the ids can be passed on through jclouds?
The other thing to consider is the security group name restrictions are different when making a VPC security group, notably the # symbol is not allowed.
Sorry if this is a bit rambly, trying to understand a lot of new code and how all the parts fit together.