two cents, typical real world requirements vary, in the enterprise you might have various tiering by architectural layer (front end waf elb ingress, waf servers, set of dmz components/web servers, set of app servers, set of dbs) all structured out with connectivity models. typically these map to a m:n on security group basis to service model, based on the model's responsibilities and consumers.
On Fri, Jan 12, 2018 at 8:09 AM, Mark Shuttleworth <[email protected]> wrote: > On 12/22/2017 03:03 AM, Marco Ceppi wrote: > > When it comes to scaling operations this can be tedious. I know there > > are configurations for VPC-ID - is there also a similar security-group > > setting where either the default model SG will be set based on user > > input instead of created or a setting where an additional "model" > > security group can be set so instances have it in addition to the > > model/instance security group? > > I think it makes sense that the model creation process might accept such > a parameter, yes. > > Does a security group per model make sense, or should it be per > application in the model (though that sounds like it might be wasteful). > > Mark > > -- > Juju mailing list > [email protected] > Modify settings or unsubscribe at: https://lists.ubuntu.com/ > mailman/listinfo/juju >
-- Juju mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
