Outdated security group module prevents from managing CIDR ranges #52

@lapkritinis

Description

The module uses security group module version 1.0.1. Prior to version 2 (I think), the SG module has an issue where CIDR ranges cannot be changed:

  # module.mwaa_security_group.aws_security_group_rule.keyed["_m[0]#mwaa#cidr"] must be replaced
+/- resource "aws_security_group_rule" "keyed" {
      ~ cidr_blocks              = [ # forces replacement
            # (2 unchanged elements hidden)
            "3.3.3.3/32",
          - "4.3.3.3/32",
        ]
      ~ id                       = "sgrule-915023772" -> (known after apply)
      + security_group_rule_id   = (known after apply)
      + source_security_group_id = (known after apply)
        # (8 unchanged attributes hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.mwaa_security_group.aws_security_group_rule.keyed["_m[0]#mwaa#cidr"]: Creating...
╷
│ Error: [WARN] A duplicate Security Group rule was found on (sg-062f428f6454c1fcf). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 1.1.1.1/32, ALL, ALLOW" already exists
│       status code: 400, request id: da5873e0-ea06-4277-a55a-4ca3362717d3
│ 
│   with module.mwaa_security_group.aws_security_group_rule.keyed["_m[0]#mwaa#cidr"],
│   on .terraform/modules/mwaa_security_group/main.tf line 141, in resource "aws_security_group_rule" "keyed":
│  141: resource "aws_security_group_rule" "keyed" {
│ 

Expected Behavior

Applies successfully like SG module v2.2.0 does

Steps to Reproduce

Launch the module with:
allowed_cidr_blocks = ["1.1.1.1/32",]

Try to update the module with:
allowed_cidr_blocks = ["1.1.1.1/32","2.2.2.2/32"]

Screenshots

No response

Environment

Irrelevant

Additional Context

No response

Labels: bug 🐛 (An issue with the system)
