
Error with creating same ipv6 rule when using multiple *_with_source_security_group_id #79

Closed
JoshiiSinfield opened this issue Oct 3, 2018 · 4 comments

@JoshiiSinfield

Hi,

the following code:

```hcl
# Terraform 0.11 syntax, as posted. Both egress_with_source_security_group_id
# entries resolve to TCP/3306; with egress_ipv6_cidr_blocks left at the module
# default (::/0), each entry also produces a ::/0 rule on that port, and the
# second ::/0 rule is the one AWS rejects as a duplicate.
module "alb_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "alb-sg"
  description = "SG "
  vpc_id      = "${data.aws_vpc.vpc.id}"

  egress_cidr_blocks = ["10.0.0.0/8"]
  egress_rules       = ["https-443-tcp"]

  ingress_with_cidr_blocks = [
    {
      rule        = "http-80-tcp"
      cidr_blocks = "10.0.0.0/8"
    },
  ]

  # Same named rule twice, with different source security groups.
  egress_with_source_security_group_id = [
    {
      rule                     = "mysql-tcp"
      source_security_group_id = "${data.aws_security_group.my_sg.id}"
    },
    {
      rule                     = "mysql-tcp"
      source_security_group_id = "${data.aws_security_group.my_other_sg.id}"
    },
  ]
}
```

produces the following error:

Error message: `the specified rule "peer: ::/0, TCP, from port: 3306, to port: 3306, ALLOW" already exists`

Adding `egress_ipv6_cidr_blocks = []` fixes the issue; however, I no longer get IPv6 CIDRs.

The workaround is fine for us as we don't currently use IPv6, however I can see it being an issue for others.

Cheers,
Josh
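The collision above is predictable from the module inputs alone, so it can be caught before `terraform apply` hits the EC2 API. The following Python pre-flight check is an added example and is not code from the module or from anyone in this thread. It assumes, based on the reporter's description, that the module expands each `*_with_source_security_group_id` entry into one rule peered with the source security group plus one rule per CIDR in the module-level `egress_ipv6_cidr_blocks`, and that AWS identifies a rule by (direction, protocol, from_port, to_port, peer), which is the tuple the error message quotes. The `NAMED_RULES` subset, the function names, and the `sg-...` placeholder ids are constructed for illustration. It goes a little beyond the reported case: entries may use either the named-rule form or explicit `from_port`/`to_port`/`protocol`, and `*_with_cidr_blocks` lists are checked too.

```python
"""Pre-flight duplicate-rule check for terraform-aws-modules/security-group inputs.

Constructed example for issue #79, not code from the module. The expansion of
*_with_source_security_group_id entries below is an assumption drawn from the
reporter's description: one SG-peered rule per entry, plus one rule per CIDR in
the module-level egress_ipv6_cidr_blocks (default ::/0). AWS identifies a rule
by (direction, protocol, from_port, to_port, peer).
"""
from collections import Counter
from typing import Iterable, NamedTuple

# Named rules that appear in this thread, as (from_port, to_port, protocol).
# Constructed subset for the example; the module keeps the full table itself.
NAMED_RULES = {
    "http-80-tcp": (80, 80, "tcp"),
    "https-443-tcp": (443, 443, "tcp"),
    "mysql-tcp": (3306, 3306, "tcp"),
}


class RuleKey(NamedTuple):
    """Identity of one security-group rule as the EC2 API sees it."""
    direction: str   # "ingress" or "egress"
    protocol: str
    from_port: int
    to_port: int
    peer: str        # CIDR block or security group id


def _ports(entry: dict) -> tuple:
    """Resolve an entry to (from_port, to_port, protocol).

    Accepts the named-rule form ({"rule": "mysql-tcp", ...}) and the explicit
    form ({"from_port": 7946, "to_port": 7946, "protocol": "udp", ...})."""
    if "rule" in entry:
        return NAMED_RULES[entry["rule"]]
    return int(entry["from_port"]), int(entry["to_port"]), entry["protocol"].lower()


def expand_with_source_sg(direction: str, entries: Iterable[dict],
                          ipv6_cidr_blocks: Iterable[str] = ("::/0",)) -> list:
    """Rule identities the module would create for *_with_source_security_group_id.

    Assumed expansion: the SG-peered rule carries per-entry data, but the IPv6
    rules only carry the port and protocol, so two entries with the same ports
    collide on the ::/0 peer unless ipv6_cidr_blocks is empty."""
    keys = []
    for entry in entries:
        from_port, to_port, proto = _ports(entry)
        keys.append(RuleKey(direction, proto, from_port, to_port,
                            entry["source_security_group_id"]))
        for cidr in ipv6_cidr_blocks:
            keys.append(RuleKey(direction, proto, from_port, to_port, cidr))
    return keys


def expand_with_cidr(direction: str, entries: Iterable[dict]) -> list:
    """Rule identities for *_with_cidr_blocks entries.

    The module takes cidr_blocks as one comma-separated string; each CIDR in it
    is a separate peer."""
    keys = []
    for entry in entries:
        from_port, to_port, proto = _ports(entry)
        for cidr in str(entry["cidr_blocks"]).split(","):
            keys.append(RuleKey(direction, proto, from_port, to_port, cidr.strip()))
    return keys


def find_duplicates(keys: Iterable[RuleKey]) -> list:
    """Rule identities that would be created more than once, sorted."""
    return sorted(k for k, n in Counter(keys).items() if n > 1)


def aws_style_message(key: RuleKey) -> str:
    """Format a duplicate the way the EC2 API reports it."""
    return (f'the specified rule "peer: {key.peer}, {key.protocol.upper()}, '
            f'from port: {key.from_port}, to port: {key.to_port}, ALLOW" already exists')


if __name__ == "__main__":
    # The reporter's configuration, with placeholder security group ids.
    egress = [
        {"rule": "mysql-tcp", "source_security_group_id": "sg-0a1b2c3d4e5f60001"},
        {"rule": "mysql-tcp", "source_security_group_id": "sg-0a1b2c3d4e5f60002"},
    ]
    for dup in find_duplicates(expand_with_source_sg("egress", egress)):
        print("default egress_ipv6_cidr_blocks:", aws_style_message(dup))
    # The workaround from the issue: egress_ipv6_cidr_blocks = []
    print("with egress_ipv6_cidr_blocks = []:",
          find_duplicates(expand_with_source_sg("egress", egress, ipv6_cidr_blocks=()))
          or "no duplicates")
```

Run it as a script to see the reporter's error reproduced from the inputs and then disappear once the IPv6 list is emptied. The same keys are useful for a plan-time assertion: feed the module's real variable values in, and fail the pipeline on any non-empty `find_duplicates()` result rather than discovering the clash mid-apply, when part of the security group has already been created.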

@antonbabenko (Member)

Thanks for opening this issue.

You are right, this use-case is not supported by this module, and to be honest, I don't see how it can be implemented right now. hashicorp/terraform#2376 - this has more details.

Ideas and PRs are welcome.

@antonbabenko (Member)

Please use v3.6.0 which has been just released.

@yuklia

yuklia commented Nov 26, 2020

Thanks, @JoshiiSinfield, for the advice! I've separated SG rules into different resources/modules. In my case the issue was related to ingress rows with the same ports but a different protocol:

```hcl
# Terraform 0.12 syntax. Two entries on port 7946, one UDP and one TCP,
# both peered with the VPC CIDR.
{
  from_port   = 7946
  to_port     = 7946
  protocol    = "udp"
  description = "VPC level / swarm "
  cidr_blocks = var.vpc.cidr_block
},
{
  from_port   = 7946
  to_port     = 7946
  protocol    = "tcp"
  description = "VPC level / swarm "
  cidr_blocks = var.vpc.cidr_block
},
```

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 15, 2022