
Cannot specify multiple security rules of the same type for different ports #40

@jj-mino

Describe the Bug

The cloudposse/mq-broker/aws module is using the cloudposse/mq-broker/aws with version 0.3.1 internally, which fails with the error below when passing multiple ports for the same type

```text
# Error
│ Error: [WARN] A duplicate Security Group rule was found on (sg-0d867c5b26555c769). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, ALL, ALLOW" already exists
│       status code: 400, request id: 9573b001-d97f-490d-a18c-0f00c7d8e198
│
│   with module.mq_test.module.security_group.aws_security_group_rule.default["ingress--1-5671-5671-9c87e5e1ed040a443ce1ac8e6d6cf159"],
│   on .terraform/modules/mq_test.security_group/main.tf line 41, in resource "aws_security_group_rule" "default":
│   41: resource "aws_security_group_rule" "default" {
```

Expected Behavior

Security group should be created with the specified rules

## Steps to Reproduce
Use the root module below to deploy the resource, passing the `security_group_rules` argument

```hcl
# root module call
module "mq_test" {
  source  = "cloudposse/mq-broker/aws"
  version = "0.15.0"
  [...]
  security_group_rules = [
    {
      type        = "ingress"
      from_port   = 5671
      to_port     = 5671
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all outbound traffic"
    },
    {
      type        = "ingress"
      from_port   = 8883
      to_port     = 8883
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all outbound traffic"
    },
    {
      type        = "egress"
      from_port   = 5671
      to_port     = 5671
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all inbound traffic"
    }
  ]
}
```

Environment

  • OS: WSL
  • Version: Terraform v1.0.11
  • provider registry.terraform.io/hashicorp/aws v3.66.0
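The `InvalidPermission.Duplicate` error above comes from EC2 ignoring `from_port`/`to_port` whenever `protocol = "-1"`, so the two ingress rules collapse into the same "all traffic from 0.0.0.0/0" permission. The following is an added example, not code from the cloudposse module or from the reporter: it applies that collapsing to a constructed copy of the rules list from this issue and reports both the collision and every rule that actually opens all ports, so the problem can be caught before `terraform apply`.

```python
"""Added example (not part of the cloudposse/mq-broker/aws module): detect security
group rules that EC2 will treat as duplicates, and rules that allow all traffic."""
from collections import defaultdict

# Constructed copy of the security_group_rules list from the issue report.
SECURITY_GROUP_RULES = [
    {"type": "ingress", "from_port": 5671, "to_port": 5671, "protocol": "-1",
     "cidr_blocks": ["0.0.0.0/0"], "description": "Allow all outbound traffic"},
    {"type": "ingress", "from_port": 8883, "to_port": 8883, "protocol": "-1",
     "cidr_blocks": ["0.0.0.0/0"], "description": "Allow all outbound traffic"},
    {"type": "egress", "from_port": 5671, "to_port": 5671, "protocol": "-1",
     "cidr_blocks": ["0.0.0.0/0"], "description": "Allow all inbound traffic"},
]


def is_all_traffic(rule):
    """protocol "-1" (or "all") means every IP protocol and every port."""
    return str(rule["protocol"]).lower() in ("-1", "all")


def canonical_key(rule, cidr):
    """Key under which EC2 stores the permission. For all-traffic rules the
    ports are ignored, so rules that differ only in ports collide."""
    if is_all_traffic(rule):
        return (rule["type"], "-1", None, None, cidr)
    return (rule["type"], str(rule["protocol"]).lower(),
            rule["from_port"], rule["to_port"], cidr)


def find_duplicate_rules(rules):
    """Return {canonical key: [rule indexes]} for keys hit by more than one rule;
    each of these would raise InvalidPermission.Duplicate on apply."""
    seen = defaultdict(list)
    for idx, rule in enumerate(rules):
        for cidr in rule.get("cidr_blocks", []):
            seen[canonical_key(rule, cidr)].append(idx)
    return {key: idxs for key, idxs in seen.items() if len(idxs) > 1}


def find_all_traffic_rules(rules):
    """Indexes of rules that open every port to their CIDRs, regardless of the
    single port their from_port/to_port and description suggest."""
    return [i for i, rule in enumerate(rules) if is_all_traffic(rule)]


if __name__ == "__main__":
    for key, idxs in find_duplicate_rules(SECURITY_GROUP_RULES).items():
        print(f"duplicate: rules {idxs} collapse to {key}")
    for i in find_all_traffic_rules(SECURITY_GROUP_RULES):
        r = SECURITY_GROUP_RULES[i]
        print(f"rule {i}: protocol -1 ignores ports {r['from_port']}-{r['to_port']}, allows ALL traffic")
```

Setting `protocol = "tcp"` on the same rules makes the ports significant again, and the duplicate check then reports nothing.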

Labels: bug 🐛 An issue with the system