When you create a VPC via chef provisioning, it will create a data bag for it.
(similarly for subnets. ).
I’m guessing from what you’ve said you have existing VPCs, and want to figure out how best to leverage them with Chef provisioning.
The easiest thing to do I think is to create data bags by hand for the existing VPCs and Subnets, as that will let you leverage all of chef provisioning.
Looking at an existing VPC created by chef provisioning:
$ knife data bag show aws_vpc
you can see the structure of it from:
$ knife data bag show aws_vpc dev-us-west-2 -F json
Unencrypted data bag detected, ignoring any provided secret options.
So to replicate this for a new VPC, simply create a new JSON file:
$ cat newdev-us-west-2.json
and then upload it to Chef server:
knife data bag from file aws-vpc newdev-us-west-2
In my case the VPC naming matches up to environment (as that feels like a logical match) and so I can then reference the VPC via that name, so you can modify the as_security_group stanza accordingly
aws_security_group sg_name do
You can then do the same for the subnets (see aws_subnet data bag).
One thing to note, I’m using chef server, although I’d imagine this’d work the same for Chef Zero. Other thing to note, right now I’ve a chef provisioning node per environment (node.chef_environment will match that of the provisioning node)
hope this helps