[Bug]: security_groups and source_destination_check not read on aws_spot_request

[trunkyredstone]

Terraform Core Version

1.2.0

AWS Provider Version

4.36.1

Affected Resource(s)

aws_spot_instance_request

Expected Behavior

No changes should happen on the resource

Actual Behavior

The resource is marked as missing a security group as well as the source destination check being set to true, so it is changed - which causes a reapply. The source destination check is never actually applied

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_spot_instance_request" "nat_gateway" {
  ami                            = "ami-xxxx"
  instance_type                  = "t4g.nano"
  instance_interruption_behavior = "terminate"
  disable_api_termination        = true
  source_destination_check = false

  subnet_id            = xxxx
  security_groups      = [aws_security_group.some_sg.id]

  wait_for_fulfillment = true
}

Steps to Reproduce

Deploy the above resource (security group not supplied), and set the source destination check to false. On apply, the security groups will be reapplied and source destination check set to true again.

Debug Output

https://ass.atomicvr.co.uk/FkFsYDrk4c5k

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[trunkyredstone]

Update: I have an idea for a possible fix. Setting up a go environment to try it out

[trunkyredstone]

Identified that this issue links to 6416. Terraform reads the set securityy groups as vpc_security_group_ids, leaving security_groups blank, forcing a replacement.

[trunkyredstone]

Possible that this behaviour is as intended?

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!