Reputation: 410
Without making any changes to main.tf, Terraform adds already existing security group rules. Terraform identifies each SG rule in main.tf as a new rule (but these rules are already in AWS as a result of a previous execution) and tries to recreate them when I execute the command (terraform plan/apply).
This is the output of the terraform apply command:
~ module.application_sg.aws_security_group.security_group
ingress.#: "3" => "1"
ingress.2358522502.cidr_blocks.#: "1" => "0"
ingress.2358522502.cidr_blocks.0: "20.0.1.0/24" => ""
ingress.2358522502.from_port: "443" => "0"
ingress.2358522502.protocol: "tcp" => ""
ingress.2358522502.security_groups.#: "0" => "0"
ingress.2358522502.self: "false" => "false"
ingress.2358522502.to_port: "443" => "0"
ingress.3250959853.cidr_blocks.#: "1" => "0"
ingress.3250959853.cidr_blocks.0: "20.0.1.0/24" => ""
ingress.3250959853.from_port: "8080" => "0"
ingress.3250959853.protocol: "tcp" => ""
ingress.3250959853.security_groups.#: "0" => "0"
ingress.3250959853.self: "false" => "false"
ingress.3250959853.to_port: "8080" => "0"
ingress.753360330.cidr_blocks.#: "0" => "0"
ingress.753360330.from_port: "0" => "0"
ingress.753360330.protocol: "-1" => "-1"
ingress.753360330.security_groups.#: "0" => "0"
ingress.753360330.self: "true" => "true"
ingress.753360330.to_port: "0" => "0"
+ module.rule1.aws_security_group_rule.rule
cidr_blocks.#: "1"
cidr_blocks.0: "20.0.1.0/24"
from_port: "80"
protocol: "tcp"
security_group_id: "sg-17c13770"
self: "false"
source_security_group_id: "<computed>"
to_port: "80"
type: "ingress"
This rule is an already existing one. Please help me avoid this, as it is very difficult to understand when we are going to add new rules to the environment.
Upvotes: 2
Views: 1875
Reputation: 204
Do not put ingress/egress rules in the aws_security_group object. Use aws_security_group_rule to manage the rules.
e.g.:
# The group itself carries no inline ingress/egress blocks.
resource "aws_security_group" "my-secret-group" {
  name   = "my-secret-group"
  vpc_id = "vpc-12345678"
}

# Each rule is its own resource, attached to the group by id.
resource "aws_security_group_rule" "ssh-external-to-node" {
  type              = "ingress"
  security_group_id = "${aws_security_group.my-secret-group.id}"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "http-external-to-node" {
  type              = "ingress"
  security_group_id = "${aws_security_group.my-secret-group.id}"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}
Upvotes: 0
Reputation: 56997
Check the state file. This normally happens when Terraform has applied the changes but hasn't updated the state file.
You can list what's in the state file for the location by using:
terraform state list
If it's missing in the state file you should be able to use Terraform's import command to import the pre-existing resource into the state file with something like:
terraform import aws_security_group.security_group sg-123456
Upvotes: 1
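Both answers come down to inspecting the state: the first because a group that still holds inline ingress/egress rules in state must not also be targeted by standalone aws_security_group_rule resources (Terraform's provider documentation says the two styles conflict and overwrite each other, which is what produces the perpetual diff in the question), the second because a resource that is absent from state has to be imported before Terraform will stop trying to create it. The script below is an added example, not code from the question or either answer. It assumes a state file in format version 4 (what `terraform state pull` returns for Terraform 0.12 and later; the question's output is from an older release) and uses a constructed sample state that mirrors the addresses in the question. It gives an offline equivalent of `terraform state list`, reports expected addresses that are missing (candidates for `terraform import`), and flags security groups that mix inline rules with rule resources.

```python
import json

# Constructed sample state (format version 4, as `terraform state pull`
# returns for Terraform 0.12 and later). It mirrors the addresses in the
# question: the group still carries inline ingress rules from an earlier
# apply, while a separate aws_security_group_rule targets the same group.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {
            "module": "module.application_sg",
            "mode": "managed",
            "type": "aws_security_group",
            "name": "security_group",
            "instances": [{"attributes": {
                "id": "sg-17c13770",
                "ingress": [
                    {"from_port": 443, "to_port": 443, "protocol": "tcp",
                     "cidr_blocks": ["20.0.1.0/24"], "self": False},
                    {"from_port": 8080, "to_port": 8080, "protocol": "tcp",
                     "cidr_blocks": ["20.0.1.0/24"], "self": False},
                ],
                "egress": [],
            }}],
        },
        {
            "module": "module.rule1",
            "mode": "managed",
            "type": "aws_security_group_rule",
            "name": "rule",
            "instances": [{"attributes": {
                "type": "ingress", "from_port": 80, "to_port": 80,
                "protocol": "tcp", "cidr_blocks": ["20.0.1.0/24"],
                "security_group_id": "sg-17c13770",
            }}],
        },
        {
            # A group with no inline rules: rule resources may target it.
            "mode": "managed",
            "type": "aws_security_group",
            "name": "clean",
            "instances": [{"attributes": {
                "id": "sg-0000clean", "ingress": [], "egress": []}}],
        },
    ],
})


def resource_address(res, instance=None):
    """Return the address `terraform state list` prints for one instance."""
    addr = f"{res['type']}.{res['name']}"
    if res.get("module"):
        addr = f"{res['module']}.{addr}"
    key = (instance or {}).get("index_key")
    if key is not None:
        addr += f"[{json.dumps(key)}]"  # count -> [0], for_each -> ["name"]
    return addr


def iter_instances(state_json):
    """Yield (address, resource type, attributes) for every managed instance."""
    for res in json.loads(state_json)["resources"]:
        if res.get("mode", "managed") != "managed":
            continue  # skip data sources
        for inst in res.get("instances", []):
            yield resource_address(res, inst), res["type"], inst.get("attributes", {})


def list_state(state_json):
    """Offline equivalent of `terraform state list`."""
    return sorted(addr for addr, _, _ in iter_instances(state_json))


def missing_from_state(state_json, expected_addresses):
    """Addresses you expect to manage that are absent from state; each is a
    candidate for `terraform import <address> <aws id>` rather than a create."""
    present = set(list_state(state_json))
    return [a for a in expected_addresses if a not in present]


def find_inline_rule_conflicts(state_json):
    """Map each security group that has inline ingress/egress rules in state
    to the standalone aws_security_group_rule resources pointing at it.
    Any non-empty result is the mixed configuration the first answer warns
    against and explains why the rule keeps showing up as a new resource."""
    inline = {}  # sg id -> sg address, only for groups with inline rules
    rules = {}   # sg id -> [rule addresses]
    for addr, rtype, attrs in iter_instances(state_json):
        if rtype == "aws_security_group":
            if attrs.get("ingress") or attrs.get("egress"):
                inline[attrs["id"]] = addr
        elif rtype == "aws_security_group_rule":
            rules.setdefault(attrs.get("security_group_id"), []).append(addr)
    return {sg_addr: sorted(rules[sg_id])
            for sg_id, sg_addr in inline.items() if sg_id in rules}


if __name__ == "__main__":
    print("\n".join(list_state(SAMPLE_STATE)))
    for sg, rule_addrs in find_inline_rule_conflicts(SAMPLE_STATE).items():
        print(f"CONFLICT: {sg} has inline rules and is targeted by {rule_addrs}")
```

Run it against real state with `terraform state pull > state.json` and pass the file contents to the functions. If `find_inline_rule_conflicts` reports a group, move its inline rules into aws_security_group_rule resources (or remove the rule resources), as the first answer describes; if `missing_from_state` lists an address that exists in AWS, import it with `terraform import <address> <sg id>` before the next apply, as the second answer describes.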