Error revoking security group ingress rules: InvalidPermission.NotFound #2879
Labels: bug (addresses a defect in current functionality), service/ec2 (issues and PRs that pertain to the ec2 service)
This issue was originally opened by @djgrubson as hashicorp/terraform#17042. It was migrated here as a result of the provider split. The original body of the issue is below.
- terraform version: 0.11.1
- This is happening in a custom-created VPC.
- Each terraform apply generates an update in place, even when no changes are made, with the sg-caci-all-ip SG.
- plan output:
```
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ module.bastion.aws_security_group.sg-caci-all-ip
      ingress.1228639923.cidr_blocks.#: "0" => "1"
      ingress.1228639923.cidr_blocks.0: "" => "195.1.1.1/26"
      ingress.1228639923.description: "" => "CACI Proxy"
      ingress.1228639923.from_port: "" => "0"
      ingress.1228639923.ipv6_cidr_blocks.#: "0" => "0"
      ingress.1228639923.protocol: "" => "tcp"
      ingress.1228639923.security_groups.#: "0" => "0"
      ingress.1228639923.self: "" => "false"
      ingress.1228639923.to_port: "" => "65535"
      ingress.1455026123.cidr_blocks.#: "0" => "1"
      ingress.1455026123.cidr_blocks.0: "" => "195.1.1.2/32"
      ingress.1455026123.description: "" => "LDS CACI"
      ingress.1455026123.from_port: "" => "0"
      ...
      security_groups.#: "0" => "1" (forces new resource)
      security_groups.3062004935: "" => "sg-01efd77a" (forces new resource)
```

```
1 error(s) occurred:

module.bastion.aws_security_group.sg-caci-all-ip: 1 error(s) occurred:

aws_security_group.sg-caci-all-ip: Error revoking security group ingress rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
    status code: 400, request id: 298dde37-c18f-4fd7-aa77-8e772a8bb517
```
- config file to reproduce from bastion module:

```hcl
locals {
  default_tags = {
    Owner       = "coop"
    Environment = "stage"
    Terraform   = "true"
  }
}

resource "aws_security_group" "sg-caci-all-ip" {
  name        = "caci-all"
  description = "Internal IP for TEST Networks"
  vpc_id      = "${var.vpc_id}"

  # outbound internet access
}

resource "aws_instance" "bastion" {
  ami                         = "${var.ami}"
  availability_zone           = "${var.az-1}"
  instance_type               = "${var.bastion_instance_type}"
  key_name                    = "${var.key_name}"
  vpc_security_group_ids      = ["${aws_security_group.sg-caci-all-ip.id}"]
  subnet_id                   = "${var.subnet-az-1-public_id}"
  associate_public_ip_address = true
  )}"
}
```