Open YakDriver opened 1 month ago
Potential workarounds:

aws_security_group_rule resource

# aws_security_group.example is assumed to be defined elsewhere in the configuration.
resource "aws_security_group_rule" "example" {
  description       = "Allow LDAP from on-premise"
  from_port         = 636
  protocol          = "tcp"
  security_group_id = aws_security_group.example.id
  to_port           = 636
  cidr_blocks       = ["18.0.0.0/24"]
  type              = "ingress"
}

resource "aws_security_group_rule" "example2" {
  description       = "Allow LDAP from on-premise"
  from_port         = 636
  protocol          = "tcp"
  security_group_id = aws_security_group.example.id
  to_port           = 636
  cidr_blocks       = ["19.0.0.0/24"]
  type              = "ingress"
}

aws_security_group_rule resource (for_each)

variable "my_list" {
  type    = list(string)
  default = ["18.0.0.0/24", "19.0.0.0/24"]
}

# One rule resource per CIDR, so no single resource carries two cidr_blocks.
resource "aws_security_group_rule" "example" {
  for_each          = toset(var.my_list)
  description       = "Allow LDAP from on-premise"
  from_port         = 636
  protocol          = "tcp"
  security_group_id = aws_security_group.example.id
  to_port           = 636
  cidr_blocks       = [each.value]
  type              = "ingress"
}

aws_vpc_security_group_ingress_rule resource

variable "my_list" {
  type    = list(string)
  default = ["18.0.0.0/24", "19.0.0.0/24"]
}

# This resource manages exactly one rule; direction is implied by the resource type,
# so there is no "type" argument, and the protocol/CIDR arguments are named differently.
resource "aws_vpc_security_group_ingress_rule" "example" {
  for_each          = toset(var.my_list)
  description       = "Allow LDAP from on-premise"
  from_port         = 636
  ip_protocol       = "tcp"
  security_group_id = aws_security_group.example.id
  to_port           = 636
  cidr_ipv4         = each.value
}
For fans of history, the error message below was penned by Mitchell Hashimoto 9 years ago. Most error messages have moved to a more modern style. This one has been left as a tribute.
[WARN] A duplicate Security Group rule was found on (<id>). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
information and instructions for recovery. Error: <error>
This is a specific scenario related to a family of longstanding challenges with aws_security_group and aws_security_group_rule causing "A duplicate Security Group rule was found". There are two purposes to this issue:

IMPORTANT NOTE

We highly recommend using aws_vpc_security_group_egress_rule and aws_vpc_security_group_ingress_rule instead of aws_security_group_rule. It may be useful to think of aws_security_group_rule as semi-deprecated.

Terraform Core Version

1.9.2

AWS Provider Version

5.59.0
Affected Resource(s)

Expected Behavior

Applying the configuration should succeed, recreating the missing cidr_blocks.

Actual Behavior

Applying the configuration, after an out-of-band change to the CIDR blocks, causes an error.

Relevant Error/Panic Output Snippet

Terraform Configuration Files

Steps to Reproduce

References
There seem to be many error reports in the same neighborhood:

#19082
#14966
#31729
#29797
#27024
#26125
#25965
#25173
#12450
#7425
Would you like to implement a fix?
None
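As an added example (not code from the issue or from the AWS provider): a Python pre-apply check that walks `terraform show -json tfplan` output and reports EC2 rules that more than one resource would create, across the legacy aws_security_group_rule (which may carry several cidr_blocks) and the aws_vpc_security_group_ingress_rule / aws_vpc_security_group_egress_rule resources (one rule each). These in-configuration collisions are one way to end up with "A duplicate Security Group rule was found" at apply time. The plan document, the security group id and the module name in it are constructed; the field names follow the plan JSON format and the provider's documented resource attributes.

```python
"""Pre-apply duplicate check for security group rules in a Terraform plan.

Added example, not code from the issue or from the AWS provider. Reads
`terraform show -json tfplan` output and lists every EC2 rule identity
claimed by more than one resource. SAMPLE_PLAN is constructed data.
"""
import json
import sys
from collections import defaultdict

NEW_TYPES = ("aws_vpc_security_group_ingress_rule", "aws_vpc_security_group_egress_rule")
# EC2 reports protocol numbers by name; fold the common ones so "6" and "tcp" match. "-1" (all) stays.
PROTOCOL_NAMES = {"6": "tcp", "17": "udp", "1": "icmp", "58": "icmpv6"}
# Source attributes differ between the two resource families; map each to one canonical kind.
SOURCE_KINDS = {
    "cidr_blocks": "ipv4", "cidr_ipv4": "ipv4",
    "ipv6_cidr_blocks": "ipv6", "cidr_ipv6": "ipv6",
    "prefix_list_ids": "prefix_list", "prefix_list_id": "prefix_list",
    "source_security_group_id": "group", "referenced_security_group_id": "group",
}
LIST_FIELDS = ("cidr_blocks", "ipv6_cidr_blocks", "prefix_list_ids")
SG_ID = "sg-0123456789abcdef0"  # made-up group id for the sample plan

# Constructed planned_values: the for_each workaround from the issue, plus a legacy rule
# in a module and one migrated rule that each re-declare a CIDR the for_each rules own.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "planned_values": {"root_module": {
        "resources": [
            {"address": 'aws_security_group_rule.example["18.0.0.0/24"]', "mode": "managed",
             "type": "aws_security_group_rule", "values": {"type": "ingress", "protocol": "tcp",
             "from_port": 636, "to_port": 636, "security_group_id": SG_ID, "cidr_blocks": ["18.0.0.0/24"]}},
            {"address": 'aws_security_group_rule.example["19.0.0.0/24"]', "mode": "managed",
             "type": "aws_security_group_rule", "values": {"type": "ingress", "protocol": "tcp",
             "from_port": 636, "to_port": 636, "security_group_id": SG_ID, "cidr_blocks": ["19.0.0.0/24"]}},
            {"address": "aws_vpc_security_group_ingress_rule.migrated", "mode": "managed",
             "type": "aws_vpc_security_group_ingress_rule", "values": {"ip_protocol": "tcp",
             "from_port": 636, "to_port": 636, "security_group_id": SG_ID, "cidr_ipv4": "19.0.0.0/24"}},
        ],
        "child_modules": [{"address": "module.ldap", "resources": [
            {"address": "module.ldap.aws_security_group_rule.legacy", "mode": "managed",
             "type": "aws_security_group_rule", "values": {"type": "ingress", "protocol": "6",
             "from_port": 636, "to_port": 636, "security_group_id": SG_ID, "cidr_blocks": ["18.0.0.0/24", "10.0.0.0/8"]}},
        ]}],
    }},
}


def iter_resources(module):
    """Yield every resource in a plan module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def sources_of(values):
    """Normalize a resource's source attributes to (kind, value) pairs, one per EC2 rule."""
    out = []
    for field, kind in SOURCE_KINDS.items():
        raw = values.get(field)
        if raw:
            out.extend((kind, item) for item in (raw if field in LIST_FIELDS else [raw]))
    if values.get("self"):  # legacy attribute: the group itself as the source
        out.append(("group", values.get("security_group_id", "<unknown>")))
    return out


def rule_keys(res):
    """Expand one resource into the (group, direction, protocol, from, to, source) identities it creates.

    Values unknown until apply (e.g. the id of a group created in the same plan) are absent
    from `values` and key as "<unknown>", which is conservative: it may group distinct new groups.
    """
    v = res.get("values") or {}
    rtype = res.get("type")
    if rtype == "aws_security_group_rule":
        direction, proto = v.get("type"), v.get("protocol")
    elif rtype in NEW_TYPES:
        direction, proto = rtype.split("_")[-2], v.get("ip_protocol")  # "ingress" / "egress"
    else:
        return []
    proto = str(proto).lower()
    proto = PROTOCOL_NAMES.get(proto, proto)
    # All-traffic rules carry ports 0/0 in the legacy resource and null in the new one.
    ports = (None, None) if proto == "-1" else (v.get("from_port"), v.get("to_port"))
    base = (v.get("security_group_id", "<unknown>"), direction, proto) + ports
    return [base + (src,) for src in sources_of(v)]


def find_duplicate_sg_rules(plan):
    """Return {rule identity: [resource addresses]} for every rule claimed by more than one resource."""
    owners = defaultdict(list)
    for res in iter_resources(plan["planned_values"]["root_module"]):
        if res.get("mode") == "managed":
            for key in rule_keys(res):
                owners[key].append(res["address"])
    return {key: addrs for key, addrs in owners.items() if len(addrs) > 1}


if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json && python sg_rule_dupes.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for key, addrs in find_duplicate_sg_rules(plan).items():
        print(f"duplicate rule {key}:\n  " + "\n  ".join(addrs))
```

This only catches collisions between resources in the same plan. Rules created or changed out-of-band in AWS, the scenario the issue describes, show up as drift instead: compare the plan against `terraform plan -refresh-only` or against `aws ec2 describe-security-group-rules --filters Name=group-id,Values=<id>` before applying.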