cloudposse / terraform-aws-elasticsearch

Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash.
https://cloudposse.com/accelerate
Apache License 2.0

security_groups ignored #62

Closed holisticode closed 1 year ago

holisticode commented 4 years ago

Describe the Bug

Whatever is in security_groups seems to be ignored

Expected Behavior

Security groups specified in security_groups should be applied

Steps to Reproduce

security_groups = [aws_security_group.my_group1.id, aws_security_group.my_group2.id]

Screenshots

Output of terraform plan:

 ~ vpc_options {
            availability_zones = [
               <LIST>
            ]
          ~ security_group_ids = [
              - "sg-<my_group1.id>",
              - "sg-<my_group2.id>",
                "sg-<generated-group.id>",
              - "sg-<manually_added_group.id>",
            ]

In the above output, terraform is again trying to remove the groups I have manually added to the ES domain configuration via the AWS Web UI because in a previous run they did NOT get applied.

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

etessari commented 3 years ago

I'm experiencing the same issue. I created everything via terraform cli so it could not be a conflict with terraform state. I think it's a bug.

devops-nfq commented 3 years ago

Yup, me too. Tried to add more security groups but they still do not apply.

king131 commented 3 years ago

Same issue.

king131 commented 3 years ago

I found that in .terraform/modules/elasticsearch/main.tf, line 164, the code security_group_ids = [join("", aws_security_group.default.*.id)] did not add any of the security_group content which we add in the parent module.

So I added my security group ID here manually. It's working. Like this: security_group_ids = [join("", aws_security_group.default.*.id),"sg-xxxxxxxx"]

lbrulet commented 3 years ago

Same issue.

lgiuliani-mwb commented 2 years ago

The security_groups configuration option refers to the security groups that have access to the cluster's security group. This is an excerpt of a plan:

  + resource "aws_security_group_rule" "ingress_security_groups" {
      + description              = "Allow inbound traffic from Security Groups"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = "sg-AAAAAAA"
      + to_port                  = 65535
      + type                     = "ingress"
    }

Each specified SG will create a new ingress rule.
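
The distinction described in the comment above, as an added example that is not part of the thread and not the module's own code: one group is attached to the domain, and each caller-supplied group only becomes the source of an ingress rule on it. The variable names, domain settings and the choice of port 443 are assumptions of this example.

```hcl
# Constructed example: raw AWS provider resources, not the module's source.
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }

# Hypothetical input playing the role the thread attributes to security_groups.
variable "client_sg_ids" { type = list(string) }

# The only group attached to the domain's network interfaces.
resource "aws_security_group" "domain" {
  name_prefix = "es-domain-"
  vpc_id      = var.vpc_id
}

# One ingress rule per client group: members of that group may connect.
# The plan in the thread shows ports 0-65535; 443 is this example's choice.
resource "aws_security_group_rule" "from_clients" {
  count                    = length(var.client_sg_ids)
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
  security_group_id        = aws_security_group.domain.id
  source_security_group_id = var.client_sg_ids[count.index]
}

resource "aws_elasticsearch_domain" "example" {
  domain_name           = "example-domain"
  elasticsearch_version = "7.10"

  cluster_config {
    instance_type = "t3.small.elasticsearch"
  }

  ebs_options {
    ebs_enabled = true
    volume_size = 10
  }

  vpc_options {
    subnet_ids = [var.subnet_id]
    # Client groups are referenced by the rules above, not attached here.
    security_group_ids = [aws_security_group.domain.id]
  }
}
```

With this layout the domain's security_group_ids holds a single entry, and a group added to it outside Terraform shows up as a removal on the next plan, as in the plan output at the top of the thread.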

vegarab commented 2 years ago

Experiencing the same issue. Not able to attach security groups I have defined myself.

If you add security groups manually in the console, they will be overwritten whenever you run terraform apply. This completely breaks this module for anyone who would like to define separate security groups.

ycointe commented 2 years ago

Hello, I have the same issue. @bgottlob thank you for your PR! Do you have any update on it?

acmitch commented 1 year ago

@osterman any update on this? Can we escalate?