Terraform Core Version
1.5.7
AWS Provider Version
5.68.0
Affected Resource(s)
aws_vpc_security_group_ingress_rule, aws_security_group
Expected Behavior
When creating a rule connecting a second security group to the ingress, it should send an AWS API command like so:
or else an error should be reported suggesting using the ID instead of the ARN if using the ARN isn't supported.
Actual Behavior
The following was sent to AWS and rejected, resulting in an error saying the security group doesn't exist:
The error:
│ Error: creating VPC Security Group Rule
│
│ with module.main-service.aws_vpc_security_group_ingress_rule.service_security_group_ingress[0],
│ on ../../modules/service/nlb.tf line 76, in resource "aws_vpc_security_group_ingress_rule" "service_security_group_ingress":
│ 76: resource "aws_vpc_security_group_ingress_rule" "service_security_group_ingress" {
│
│ operation error EC2: AuthorizeSecurityGroupIngress, https response error StatusCode: 400, RequestID:
│ b868f34a-f18b-4d5a-8174-0bec8719a428, api error InvalidGroup.NotFound: The security group 'sg-076203e21c7fccdd0' does not exist
Note that the referenced security group absolutely does exist in the same VPC as the created security group.
Terraform Configuration Files
resource "aws_security_group" "service_security_group" {
  name        = "test-sg"
  description = "Security group for permitting nlb traffic to the service"
  vpc_id      = var.cluster_vpc
}

resource "aws_vpc_security_group_ingress_rule" "service_security_group_ingress" {
  security_group_id            = aws_security_group.service_security_group.id
  # HCL strings take double quotes; the argument expects the security group ID
  referenced_security_group_id = "sg-076203e21c7fccdd0"
  from_port                    = -1
  ip_protocol                  = "-1"
  to_port                      = -1
}
Steps to Reproduce
Run terraform apply
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
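A plan-time guard for the ID-versus-ARN confusion described under Expected Behavior, added here as an example (it is not the reporter's configuration or provider code): the variable name referenced_security_group, the reuse of var.cluster_vpc and the data source lookup are assumptions about how the module is wired.

```hcl
# Added example: reject an ARN-shaped value before any API call and confirm the
# referenced group exists in the service VPC during plan, so the failure shows up
# as a clear message instead of InvalidGroup.NotFound at apply time.

variable "referenced_security_group" {
  description = "ID of the security group allowed to reach the service (hypothetical input)"
  type        = string

  validation {
    # Security group IDs are "sg-" plus 8 or 17 hex characters. An ARN such as
    # arn:aws:ec2:REGION:ACCOUNT:security-group/sg-... fails this check.
    condition     = can(regex("^sg-([0-9a-f]{8}|[0-9a-f]{17})$", var.referenced_security_group))
    error_message = "referenced_security_group must be a security group ID (sg-...), not its ARN."
  }
}

# Existence check scoped to the same VPC as the created group: the lookup errors
# during plan if no group with this ID lives in var.cluster_vpc.
data "aws_security_group" "referenced" {
  id     = var.referenced_security_group
  vpc_id = var.cluster_vpc
}

resource "aws_vpc_security_group_ingress_rule" "service_security_group_ingress" {
  security_group_id            = aws_security_group.service_security_group.id
  referenced_security_group_id = data.aws_security_group.referenced.id
  # All traffic from the referenced group; ports are omitted for protocol "-1".
  ip_protocol                  = "-1"
}
```

With this in place, `terraform plan` stops on the validation message for an ARN and on a "no matching SecurityGroup found" error for an ID outside the VPC, both before AuthorizeSecurityGroupIngress is attempted.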