Security groups, nested rules not refreshing with changes made from aws #3150

Closed
mylesparker opened this issue Sep 2, 2015 · 4 comments

@mylesparker

I'm trying to use Terraform to manage security groups. I have a simple setup with two security groups, in which the second uses a nested rule config that references the first security group as its ingress rule set. When I run this it creates the groups just fine, but if I go in manually and adjust something after the fact in the AWS console and run terraform refresh, it does not seem to pick up the changes, so on a subsequent terraform plan/apply the groups will be reset.

Below is the .tf file defining the two groups.

If I change some rules on security group 2 (say, change 8181 to 8180) in the console, refresh will not pick the changes up.

/* input variables referenced below, declared here so the file stands on its own */
variable "access_key" {}
variable "secret_key" {}
variable "region" {}
variable "vpc_id" {}
variable "vpc_tag_name" {}
/* first two octets with a trailing dot, e.g. "10.1.", completed to "10.1.0.0/16" below */
variable "base_ip" {}

provider "aws" {
  /* if these two are omitted the provider falls back to AWS_ACCESS_KEY_ID /
     AWS_SECRET_ACCESS_KEY from the environment */
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}

/* security group for app-template */
resource "aws_security_group" "mid-app-1" {
  vpc_id      = "${var.vpc_id}"
  name        = "middle-app1-${var.vpc_tag_name}"
  description = "security group mid-app-1"
  tags {
    Name         = "mid-app-1"
    created_on   = "2015-08-28"
    created_by   = "terraform"
    application  = "mid-app-1"
    allocated    = "true"
    allocated_on = "2015-08-28"
    owner        = "apps"
  }
  /* inbound rules: every rule is limited to the VPC /16 */
  ingress {
    from_port   = 7001
    to_port     = 7001
    protocol    = "tcp"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
  ingress {
    from_port   = 9061
    to_port     = 9071
    protocol    = "tcp"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
  ingress {
    from_port   = 9091
    to_port     = 9101
    protocol    = "tcp"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
  /* outbound to the vpc: protocol "-1" is all protocols and needs ports 0/0 */
  egress {
    from_port   = "0"
    to_port     = "0"
    protocol    = "-1"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
}

/* security group for appr template */
resource "aws_security_group" "mid-app-2" {
  vpc_id      = "${var.vpc_id}"
  name        = "middle-app2-${var.vpc_tag_name}"
  description = "security group mid-app-2"
  tags {
    Name         = "mid-app-2"
    created_on   = "2015-08-28"
    created_by   = "terraform"
    application  = "mid-app-2"
    allocated    = "true"
    allocated_on = "2015-08-28"
    owner        = "apps"
  }
  /* inbound rules */
  ingress {
    from_port   = 7001
    to_port     = 7001
    protocol    = "tcp"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
  ingress {
    from_port   = 8181
    to_port     = 8181
    protocol    = "tcp"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
  /* nested rule: 9090 is allowed only from members of mid-app-1, referenced
     by group id instead of by CIDR */
  ingress {
    from_port       = 9090
    to_port         = 9090
    protocol        = "tcp"
    security_groups = ["${aws_security_group.mid-app-1.id}"]
  }
  /* outbound */
  egress {
    from_port   = "0"
    to_port     = "0"
    protocol    = "-1"
    cidr_blocks = ["${var.base_ip}0.0/16"]
  }
}
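Added example, not from the issue above and not Terraform's own code: a drift check that compares the rules the mid-app-2 block intends against what EC2's DescribeSecurityGroups returns, so a console change such as 8181 to 8180 is reported independently of whether terraform refresh notices it. The CIDR 10.1.0.0/16, the group ids and the API response are constructed assumptions; the response is laid out the way boto3 returns it, including the "all protocols" egress entry, which AWS reports with protocol "-1" and no FromPort/ToPort at all.

```python
"""Out-of-band drift check for AWS security group rules (added example)."""

# Intended rules for "mid-app-2", transcribed from the issue's config.
# BASE_CIDR (var.base_ip = "10.1.") and MID_APP_1_ID are assumed values.
MID_APP_1_ID = "sg-0a1b2c3d"  # assumed id of aws_security_group.mid-app-1
BASE_CIDR = "10.1.0.0/16"
DESIRED_MID_APP_2 = [
    ("ingress", "tcp", 7001, 7001, "cidr:" + BASE_CIDR),
    ("ingress", "tcp", 8080, 8080, "cidr:" + BASE_CIDR),
    ("ingress", "tcp", 8181, 8181, "cidr:" + BASE_CIDR),
    ("ingress", "tcp", 9090, 9090, "sg:" + MID_APP_1_ID),
    ("egress", "-1", 0, 0, "cidr:" + BASE_CIDR),
]

# Constructed DescribeSecurityGroups entry for mid-app-2 after someone changed
# the 8181 rule to 8180 in the console (same shape boto3 returns).
LIVE_MID_APP_2 = {
    "GroupId": "sg-0f0e0d0c",  # assumed id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 7001, "ToPort": 7001,
         "IpRanges": [{"CidrIp": BASE_CIDR}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": BASE_CIDR}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 8180, "ToPort": 8180,
         "IpRanges": [{"CidrIp": BASE_CIDR}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 9090, "ToPort": 9090,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": MID_APP_1_ID}]},
    ],
    # "all traffic" comes back as protocol "-1" with no port fields
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": BASE_CIDR}],
         "UserIdGroupPairs": []},
    ],
}


def flatten_permissions(direction, permissions):
    """Expand one IpPermissions list into canonical rule keys.

    One API entry can carry several CIDRs and several group references; each
    becomes its own (direction, protocol, from, to, source) key. Protocol "-1"
    has no ports in the response, so it is pinned to (0, 0) to match the
    from_port=0/to_port=0 form used in the config.
    """
    keys = set()
    for perm in permissions:
        proto = str(perm["IpProtocol"])
        if proto == "-1":
            from_port, to_port = 0, 0
        else:
            from_port, to_port = int(perm["FromPort"]), int(perm["ToPort"])
        sources = ["cidr:" + r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += ["ipv6:" + r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += ["sg:" + p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
        for src in sources:
            keys.add((direction, proto, from_port, to_port, src))
    return keys


def live_rules(group):
    """All ingress and egress rule keys of one DescribeSecurityGroups entry."""
    return (flatten_permissions("ingress", group.get("IpPermissions", []))
            | flatten_permissions("egress", group.get("IpPermissionsEgress", [])))


def diff_rules(desired, live):
    """Rules the config wants but AWS lacks, and rules AWS has that the config
    does not. Either list being non-empty means the next apply will rewrite
    the group, whether or not refresh noticed the drift."""
    desired, live = set(desired), set(live)
    return {"missing": sorted(desired - live), "unexpected": sorted(live - desired)}


def format_drift(drift):
    """Human-readable report, one line per drifted rule."""
    lines = []
    for kind in ("missing", "unexpected"):
        for direction, proto, from_port, to_port, src in drift[kind]:
            lines.append(f"{kind:10} {direction:7} {proto:>3} "
                         f"{from_port}-{to_port} from {src}")
    return "\n".join(lines)


if __name__ == "__main__":
    drift = diff_rules(DESIRED_MID_APP_2, live_rules(LIVE_MID_APP_2))
    print(format_drift(drift) or "no drift")
```

Against real infrastructure, replace LIVE_MID_APP_2 with the entry from boto3's ec2 client, `describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]`, and feed the desired list from whatever renders the Terraform config; the point of comparing flattened keys is that it ignores the rule order and entry grouping AWS is free to change, so only real differences show up.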
@hexedpackets

This seems identical to #2151

@paulcdejean

Possibly related to: #3341

@catsby
Member

catsby commented Mar 31, 2016

Hey all – I verified that this has since been fixed. Sorry for the silence!

@catsby catsby closed this as completed Mar 31, 2016
@ghost

ghost commented Apr 26, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 26, 2020