Refresh required on aws_security_group ingress output after apply aws_security_group_rule #18437
Labels: bug, service/ec2
Comments
github-actions bot added the needs-triage label Mar 26, 2021
breathingdust added bug and removed needs-triage labels Sep 8, 2021
I am also experiencing the same issue. Here is an example:
```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  - destroy

Terraform will perform the following actions:

  # module.ec2.aws_security_group_rule.rules["6aa28bac18752aaccdc4859a0096f091"] will be destroyed
  - resource "aws_security_group_rule" "rules" {
      - cidr_blocks = [
          - "0.0.0.0/0",
        ] -> null
      - description = "HTTP traffic" -> null
      - from_port = 80 -> null
      - id = "sgrule-3664357640" -> null
      - ipv6_cidr_blocks = [] -> null
      - prefix_list_ids = [] -> null
      - protocol = "tcp" -> null
      - security_group_id = "sg-09716c0d40c38a185" -> null
      - self = false -> null
      - to_port = 80 -> null
      - type = "ingress" -> null
    }

  # module.ec2.aws_security_group_rule.rules["bc11bef037aafab5918567ea6f3196bf"] will be created
  + resource "aws_security_group_rule" "rules" {
      + description = "HTTP traffic"
      + from_port = 80
      + id = (known after apply)
      + protocol = "tcp"
      + security_group_id = "sg-09716c0d40c38a185"
      + self = true
      + source_security_group_id = (known after apply)
      + to_port = 80
      + type = "ingress"
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # module.ec2.aws_security_group.ec2 has been changed
  ~ resource "aws_security_group" "ec2" {
        id = "sg-09716c0d40c38a185"
      ~ ingress = [
          - {
              - cidr_blocks = [
                  - "0.0.0.0/0",
                ]
              - description = "HTTP traffic"
              - from_port = 80
              - ipv6_cidr_blocks = []
              - prefix_list_ids = []
              - protocol = "tcp"
              - security_groups = []
              - self = false
              - to_port = 80
            },
          + {
              + cidr_blocks = []
              + description = "HTTP traffic"
              + from_port = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids = []
              + protocol = "tcp"
              + security_groups = []
              + self = true
              + to_port = 80
            },
        ]
        name = "example-sg"
        tags = {
            "Name" = "example-sg"
        }
        # (7 unchanged attributes hidden)
    }

  # module.ec2.aws_security_group_rule.rules["bc11bef037aafab5918567ea6f3196bf"] has been changed
  ~ resource "aws_security_group_rule" "rules" {
      + cidr_blocks = []
        id = "sgrule-2393865896"
      + ipv6_cidr_blocks = []
      + prefix_list_ids = []
      + source_security_group_id = "sg-09716c0d40c38a185"
        # (7 unchanged attributes hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.
```
This is happening to me too. I can't believe nothing has moved on this since 2021.
Community Note
Terraform CLI and Terraform AWS Provider Version
Terraform 0.14.9
AWS Provider 3.33
Affected Resource(s)
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Debug Output
Panic Output
Expected Behavior
In case `aws_security_group` rules are managed using additional resources of type `aws_security_group_rule`, then the output ingress and egress of `aws_security_group` should be available / valid within the same `terraform apply` execution.
Basically this means the aws_security_group_rule resources "somehow" have to trigger an update of aws_security_group.
Actual Behavior
Rules within `aws_security_group` definition created using additional resources of type `aws_security_group_rule`, do not provide valid output ingress and egress in `aws_security_group` within the same `terraform apply` execution. A second terraform apply is required to update ingress/egress properties.
Steps to Reproduce
terraform apply
terraform apply
Important Factoids
References
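An added example, not part of the issue or the provider's code: a check that reads `terraform show -json` state and reports security groups whose `ingress` attribute disagrees with the standalone `aws_security_group_rule` resources in the same state, which is the stale condition described under Actual Behavior. It assumes every ingress rule of the group is managed through `aws_security_group_rule`, and it compares only IPv4 CIDR and `self` sources; the function names and the sample state are constructed for illustration.

```python
def walk(module):
    """Yield every resource in a `terraform show -json` module tree."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def atoms(rule):
    """Expand a rule into (from_port, to_port, protocol, source) tuples, so
    rules merged into one ingress block still compare equal."""
    # Narrowed to IPv4 CIDR and self sources (an assumption of this example).
    sources = list(rule.get("cidr_blocks") or [])
    if rule.get("self"):
        sources.append("self")
    return {(rule["from_port"], rule["to_port"], rule["protocol"], s)
            for s in sources}

def stale_groups(state):
    """Map group id -> rules missing from / unexpected in its ingress attribute."""
    resources = list(walk(state["values"]["root_module"]))
    managed = {}
    for res in resources:
        v = res["values"]
        if res["type"] == "aws_security_group_rule" and v["type"] == "ingress":
            managed.setdefault(v["security_group_id"], set()).update(atoms(v))
    report = {}
    for res in resources:
        if res["type"] == "aws_security_group":
            v = res["values"]
            seen = set().union(*(atoms(i) for i in v.get("ingress") or []))
            want = managed.get(v["id"], set())
            if seen != want:
                report[v["id"]] = {"missing": sorted(want - seen),
                                   "unexpected": sorted(seen - want)}
    return report

# Constructed sample shaped like `terraform show -json` output before the
# refresh, using the values from the plan quoted in the comment above.
SAMPLE = {"values": {"root_module": {"child_modules": [{"resources": [
    {"type": "aws_security_group", "values": {
        "id": "sg-09716c0d40c38a185",
        "ingress": [{"from_port": 80, "to_port": 80, "protocol": "tcp",
                     "cidr_blocks": ["0.0.0.0/0"], "self": False}]}},
    {"type": "aws_security_group_rule", "values": {
        "security_group_id": "sg-09716c0d40c38a185", "type": "ingress",
        "from_port": 80, "to_port": 80, "protocol": "tcp", "self": True}},
]}]}}}

if __name__ == "__main__":
    print(stale_groups(SAMPLE))
```

A non-empty result means any output, audit or policy check that reads the group's `ingress` attribute is working from rules that no longer match what the rule resources describe.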