Applying Security Group changes to aws_instance should update, not destroy/recreate #14416
Comments
Hey @bloo, thanks for the issue! Do you have an example configuration that can reproduce the issue? Thanks!
Thanks @grubernaut - below is a simple terraform that contains 2
After uncommenting line 13 and running
Hi @grubernaut - just wondering if there's anything more I can contribute to this?
Hey @bloo, extremely sorry, but I haven't had a chance to look at this issue yet. I'll attempt to dive in tomorrow!
@bloo Your example defines an EC2 Classic instance. In EC2 Classic, an instance's security groups can only be set at launch time. They can't be modified. That is possible for VPC instances though, and Terraform behaves as you expect there. The EC2 Classic limitation is indicated (though subtly) by the AWS documentation you've linked in the original report (emphasis mine):
I don't think there's a Terraform bug here.
@rfletcher to clarify, I should use the 2nd parameter, not the first one - and it'll allocate a non-classic EC2 instance?
That's how you'll set any security groups once it is in VPC, but to launch it in VPC you need to specify the subnet. See the
@rfletcher thanks for the clarification!
Thanks for the response here @rfletcher! 😄
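The EC2 Classic versus VPC behaviour discussed in this thread, as an added configuration sketch (not code from the thread's participants or from the Terraform project). The variable names, resource names, port and CIDR are placeholders, and the interpolation syntax matches the Terraform 0.9.x version named in the report.

```hcl
# Added example. All names and values below are placeholders.
variable "vpc_id" {}
variable "subnet_id" {}
variable "ami_id" {}

resource "aws_security_group" "web" {
  # name_prefix lets a replacement group be created alongside the old one
  # without a name collision.
  name_prefix = "web-"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  # If a change forces the group itself to be replaced, create the new
  # group first so the instance is never left without its rules.
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_instance" "app" {
  ami           = "${var.ami_id}"
  instance_type = "t2.micro"

  # Launching into a subnet places the instance in a VPC.
  subnet_id = "${var.subnet_id}"

  # VPC form: groups are referenced by ID and can be changed on a running
  # instance, so edits to this list plan as an in-place update.
  vpc_security_group_ids = ["${aws_security_group.web.id}"]

  # EC2 Classic form, for comparison: groups are referenced by name and are
  # fixed at launch, so any change here plans as destroy/recreate.
  # security_groups = ["${aws_security_group.web.name}"]
}
```

Reviewing `terraform plan` output before applying shows which of the two behaviours a given change will trigger: an in-place update of the instance, or a forced replacement.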
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Terraform Version
0.9.4
Affected Resource(s)
Expected Behavior
Altering aws_security_group definitions should recreate those, then update the aws_instances that were attached to them.
It looks like you can update instances via the AWS API:
http://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html
Actual Behavior
AWS instances are destroyed and recreated, instead of updated in place.