-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS Provider in 0.5.3- Can not tie multiple aws_security_group_rule to one security group #2294
Comments
Additionally, sometimes the subsequent |
I think this is an issue with the fact that the IPPermission hashing in https://github.com/hashicorp/terraform/blob/master/builtin/providers/aws/resource_aws_security_group_rule.go#L266 only considers CIDR blocks and not other security groups as sources. I'm working on a fix now. |
Basically you get different rules hashing to the same thing. |
By the way this is an awesome issue report @zxjinn |
Thanks @jszwedko 😄 I figure the people neck-deep in Go, doing the hard work, deserve as much help as they can get. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Again, I just love Terraform.. I sing its praises to everyone I meet!
The second issue I found deals again with
aws_security_group_rule
. I can not get one security group to attach multiple rules (which point to other security groups) without throwing errors on subsequentapply
s.File structure and contents
tree
main.tf
terraform.tfvars
Terraform version
Tested with both:
Problem
I have had a number of issues getting security groups to reference each other, this one in particular I can't seem to get around. First I create three security groups,
nat
,admin
,bastion
. Second I allow all traffic fromnat
toadmin
. Third, allow all traffic frombastion
toadmin
. This applies correctly on the first Terraform apply, but all other subsequent applies do not work properly.Commands ran and statefiles
Plan
Apply
Statefile, after first apply
Note that the
source_security_group_id
foraws_security_group_rule.admin_ingress_bastion
ANDaws_security_group_rule.admin_ingress_nat
both say the same id (sg-4fed032b
), which is incorrect.The one relating to
bastion
should saysg-4fed032b
and the one relating tonat
should saysg-48ed032c
.However, the rule was successfully applied. Screenshot from the AWS console directly after the first apply.
Apply, with no changes
Statefile diff, after failed apply
I hope that wasn't TMI!
This might or might not relate to the other issue I just reported, #2291.
The text was updated successfully, but these errors were encountered: