Reputation: 1727
invalid CIDR address in terraform aws_security_group resource with cidr_blocks from file
I'm trying to create a security group ingress rule from a file containing a list of CIDRs in the following format:
"127.0.0.1/32",
"127.0.0.1/32",
"127.0.0.1/32"
The CIDRs are retrieved from the file as follows:
cidrs = "${split(",", file("${path.module}/cidrs"))}"
and passed to the aws_security_group resource as a (list) variable:
resource "aws_security_group" "test" {
...
ingress {
...
cidr_blocks = "${var.cidrs}"
}
}
running terraform plan results in the following error:
[ERROR] root.test: eval: *terraform.EvalValidateResource, err:
Warnings: []. Errors: [
"ingress.2.cidr_blocks.0" must contain a valid CIDR, got error parsing:
invalid CIDR address: "127.0.0.1/32"
"ingress.2.cidr_blocks.1" must contain a valid CIDR, got error parsing:
invalid CIDR address: "127.0.0.1/32"
"ingress.2.cidr_blocks.2" must contain a valid CIDR, got error parsing:
invalid CIDR address: "127.0.0.1/32"
]
So it seems like the contents or the file are converted into a list or 3 cidr blocks that look correct, but terraform fails to parse any of them.
However, if I assign cidr_blocks = ["127.0.0.1/32", "127.0.0.1/32", "127.0.0.1/32"] everything seems to work fine.
Assigning a list to the variable cidrs = ["127.0.0.1/32", "127.0.0.1/32", "127.0.0.1/32"] works fine, as well. The issue seems to be caused by ${split(",", file())
[INFO] Terraform version: 0.11.0 ec9d4f1d0f90e8ec5148f94b6d634eb542a4f0ce+CHANGES
Upvotes: 0
Views: 6782
Answers (2)
Reputation: 59956
I was trying to allow traffic from ALB, where I need to pass another security group add to Allow traffic from ALB. So my error was most similar to your question so adding as an answer might help someone else as I did not find well answer.
If you want to add another security group in the whitelist section so then it can help.
ingress {
from_port = 0
to_port = 65535
protocol = "tcp"
security_groups = ["${aws_security_group.alb_secuirty_group.id}"]
description = "HTTP"
}
Upvotes: 1
Reputation: 117
I Edited my last answer:
If you need it from a comma separated file, theres no need to split values, just make it a list with []
cidr_blocks = ["${var.cidrs}"]
or simpler
cidr_blocks = ["${file("cidrs.scv")"}]
Upvotes: 0
Related Questions
- "" is not a valid CIDR block: invalid CIDR address
- Getting Terraform error: "Error: expected cidr_block to contain a valid Value, got: with err: invalid CIDR address:"
- AWS Terraform error: "expected cidr_block to contain a valid Value, got: with err: invalid CIDR address:"
- I getting CIDR error while doing terragrunt apply
- Unable to parse cidr_block from terraform data source
- Issue while adding AWS Security Group via Terraform
- Terraform - expected cidr_block to contain a valid Value, got: 0.0.0.0 with err: invalid CIDR address: 0.0.0.0
- Inappropriate value for the attribute cidr_block string is required
- Error: Inappropriate value for attribute "cidr_blocks": list of string required
- Error: Incorrect attribute value type - Terraform datasource(aws_ip_ranges)