I'm trying to create a security group that allows ingress on port 2049 for EFS from an EKS cluster security group but it times out during creation of the rule.
The infrastructure is fairly minimal and based on other cloudposse modules. I've included the relevant sections below:
```hcl
module "vpc" {
  source = "cloudposse/vpc/aws"
  # Cloud Posse recommends pinning every module to a specific version
  version    = "1.1.1"
  cidr_block = "172.16.0.0/16"
  context    = module.this.context
}

module "subnets" {
  source = "cloudposse/dynamic-subnets/aws"
  # Cloud Posse recommends pinning every module to a specific version
  version              = "2.0.2"
  availability_zones   = var.availability_zones
  vpc_id               = module.vpc.vpc_id
  igw_id               = [module.vpc.igw_id]
  ipv4_cidr_block      = [module.vpc.vpc_cidr_block]
  nat_gateway_enabled  = true
  nat_instance_enabled = false
  context              = module.this.context
}

module "eks_cluster" {
  source = "cloudposse/eks-cluster/aws"
  # Cloud Posse recommends pinning every module to a specific version
  version               = "2.3.2"
  region                = var.region
  vpc_id                = module.vpc.vpc_id
  subnet_ids            = concat(module.subnets.private_subnet_ids, module.subnets.public_subnet_ids)
  kubernetes_version    = var.kubernetes_version
  oidc_provider_enabled = true
  context               = module.this.context
}

module "efs_security_group" {
  source     = "cloudposse/security-group/aws"
  version    = "1.0.1"
  attributes = ["efs"]
  # Allow unlimited egress
  allow_all_egress = true
  rules = [
    {
      key                      = "efs"
      type                     = "ingress"
      from_port                = 2049
      to_port                  = 2049
      protocol                 = "tcp"
      cidr_blocks              = null
      source_security_group_id = module.eks_cluster.security_group_id
      description              = "Allow access to EFS from the EKS cluster security group"
    },
  ]
  vpc_id     = module.vpc.vpc_id
  depends_on = [module.eks_cluster.kubernetes_config_map_id]
  context    = module.this.context
}
```
For some reason, Terraform times out attempting to create the rule, for reasons I don't understand:
```
$ terraform apply
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [10s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [20s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [30s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [40s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [50s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [1m0s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [1m10s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [1m20s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [1m30s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [1m40s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [1m50s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [2m0s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [2m10s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [2m20s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [2m30s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [2m40s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [2m50s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [3m0s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [3m10s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [3m20s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [3m30s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [3m40s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [3m50s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [4m0s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [4m10s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [4m20s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [4m30s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [4m40s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [4m50s elapsed]
module.efs_security_group.aws_security_group_rule.keyed["efs"]: Still creating... [5m0s elapsed]
╷
│ Error: waiting for Security Group (sg-0d6b749720a5712e2) Rule (sgrule-75920449) create: couldn't find resource
│
│ with module.efs_security_group.aws_security_group_rule.keyed["efs"],
│ on .terraform/modules/efs_security_group/main.tf line 141, in resource "aws_security_group_rule" "keyed":
│ 141: resource "aws_security_group_rule" "keyed" {
│
╵
Operation failed: failed running terraform apply (exit 1)
```
Expected Behavior
I would expect the ingress security rule to be created on the security group.