Closed karaluh closed 2 years ago
This is not a bug in this module, this is a consequence of how the Terraform type system works. Please see "Why the input is so complex" in https://github.com/cloudposse/terraform-aws-security-group#rules-and-rules_map-inputs and also https://github.com/hashicorp/terraform/issues/31102
Probably the easiest thing to do is simply wrap the `cidr_blocks` inputs with `tolist()`. Alternately, this module provides a `rules_map` input to avoid exactly this problem. (BTW, the `nat_gateway_public_ips` output is deprecated, so use `nat_ips` instead.)
```hcl
module "sg" {
  source = "git::https://github.com/cloudposse/terraform-aws-security-group?ref=2.0.0-rc1"
  vpc_id = module.vpc.vpc_id

  rules_map = {
    ingress = [{
      key         = "ingress"
      type        = "ingress"
      from_port   = 0
      to_port     = 2222
      protocol    = "tcp"
      cidr_blocks = module.subnets.nat_gateway_public_ips
      self        = null
      description = "2222"
    }],
    egress = [{
      key         = "egress"
      type        = "egress"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      self        = null
      description = "All output traffic"
    }]
  }
}
```
Describe the Bug
DISCLAIMER: I know the NAT-GW IP from dynamic subnets module lacks CIDR, I left it as it is to not complicate the example because the lack of CIDR doesn't cause the issue I'm reporting here.
Executing terraform apply from the code below ends with an error:
Environment (please complete the following information):
Terraform v1.2.9 on windows_amd64
Additional Context