Outdated security group module prevents from managing CIDR ranges #52

Open
lapkritinis opened this issue May 21, 2024 · 0 comments
Labels
bug 🐛 An issue with the system

lapkritinis commented May 21, 2024

The module uses security group module version 1.0.1. Prior to version 2 (I think), the SG module has an issue where CIDR ranges cannot be changed:

  # module.mwaa_security_group.aws_security_group_rule.keyed["_m[0]#mwaa#cidr"] must be replaced
+/- resource "aws_security_group_rule" "keyed" {
      ~ cidr_blocks              = [ # forces replacement
            # (2 unchanged elements hidden)
            "3.3.3.3/32",
          - "4.3.3.3/32",
        ]
      ~ id                       = "sgrule-915023772" -> (known after apply)
      + security_group_rule_id   = (known after apply)
      + source_security_group_id = (known after apply)
        # (8 unchanged attributes hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.mwaa_security_group.aws_security_group_rule.keyed["_m[0]#mwaa#cidr"]: Creating...
╷
│ Error: [WARN] A duplicate Security Group rule was found on (sg-062f428f6454c1fcf). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 1.1.1.1/32, ALL, ALLOW" already exists
│       status code: 400, request id: da5873e0-ea06-4277-a55a-4ca3362717d3
│ 
│   with module.mwaa_security_group.aws_security_group_rule.keyed["_m[0]#mwaa#cidr"],
│   on .terraform/modules/mwaa_security_group/main.tf line 141, in resource "aws_security_group_rule" "keyed":
│  141: resource "aws_security_group_rule" "keyed" {
│ 

Expected Behavior

Applies successfully like SG module v2.2.0 does

Steps to Reproduce

Launch the module with:
allowed_cidr_blocks = ["1.1.1.1/32",]

Try to update the module with:
allowed_cidr_blocks = ["1.1.1.1/32","2.2.2.2/32"]

Screenshots

No response

Environment

Irrelevant

Additional Context

No response

@lapkritinis lapkritinis added the bug 🐛 An issue with the system label May 21, 2024
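
The failure reported above can be caught before apply. As an added example (not part of the original issue or the module's code), this Python check reads `terraform show -json` plan output and flags `aws_security_group_rule` replacements that create the new rule before deleting the old one (`+/-`) while keeping a CIDR from the old rule. It assumes that this overlap is what triggers `InvalidPermission.Duplicate`; the sample plan is constructed from the reproduction steps and `aws_security_group_rule.example` is hypothetical.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Address and CIDRs come from the issue's reproduction steps; the second
# resource is a hypothetical destroy-then-create replacement for contrast.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'module.mwaa_security_group.aws_security_group_rule.keyed["_m[0]#mwaa#cidr"]',
     "type": "aws_security_group_rule",
     "change": {"actions": ["create", "delete"],   # shown as +/- in the text plan
                "before": {"cidr_blocks": ["1.1.1.1/32"]},
                "after": {"cidr_blocks": ["1.1.1.1/32", "2.2.2.2/32"]}}},
    {"address": "aws_security_group_rule.example",
     "type": "aws_security_group_rule",
     "change": {"actions": ["delete", "create"],   # shown as -/+ in the text plan
                "before": {"cidr_blocks": ["10.0.0.0/8"]},
                "after": {"cidr_blocks": ["10.0.0.0/8", "10.1.0.0/16"]}}},
]})


def risky_sg_rule_replacements(plan_json):
    """Find aws_security_group_rule replacements that create the new rule
    before deleting the old one while both share at least one CIDR."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "aws_security_group_rule":
            continue
        if change.get("actions") != ["create", "delete"]:
            continue  # destroy-then-create removes the old rule first
        before = set((change.get("before") or {}).get("cidr_blocks") or [])
        after = set((change.get("after") or {}).get("cidr_blocks") or [])
        shared = sorted(before & after)
        if shared:  # the old rule still holds these CIDRs when the new one is created
            findings.append({"address": rc["address"], "shared": shared,
                             "added": sorted(after - before),
                             "removed": sorted(before - after)})
    return findings


if __name__ == "__main__":
    # Usage: terraform show -json plan.out > plan.json; python check.py plan.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    found = risky_sg_rule_replacements(text)
    for f in found:
        print(f"{f['address']}: replaced create-before-destroy, shared CIDRs {f['shared']}")
    sys.exit(1 if found else 0)
```

The non-zero exit status lets the check run as a gate between `terraform plan` and `terraform apply` in a pipeline.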