aws_network_acl: diffs didn't match during apply

[ghost]

This issue was originally opened by @Prashantpv as hashicorp/terraform#18493. It was migrated here as a result of the provider split. The original body of the issue is below.

---

We are using terraform to provision our end to end infrastructure on AWS. We have written modules for VPC, Private Subnet, Public Subnet and many more. Everything was working fine until yesterday but now we are facing some issue with aws_network_acl resource wherein on every terraform apply, its showing there are some updates which are false positive (no changes at rest). Below is the error which we are facing:

module.private_subnet.aws_network_acl.app: aws_network_acl.app: diffs didn't match during apply. This is a bug with Terraform and should be reported as a GitHub Issue. Provider info and diff:

Terraform Version: 0.11.7 Resource ID: aws_network_acl.app Mismatch reason: attribute mismatch: egress.1222510970.cidr_block

Diff One (usually from plan): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{"egress.2803523355.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3252518103.from_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4260209151.to_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1622673420.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1983976419.to_port":*terraform.ResourceAttrDiff{Old:"123", New:"123", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3252518103.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.from_port":*terraform.ResourceAttrDiff{Old:"22", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3112760257.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3252518103.to_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.icmp_code":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1222510970.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.from_port":*terraform.ResourceAttrDiff{Old:"", New:"8080", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1453271636.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.action":*terraform.ResourceAttrDiff{Old:"", New:"allow", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"${data.aws_subnet.app.0.cidr_block}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2236105650.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1222510970.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.protocol":*terraform.ResourceAttrDiff{Old:"", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.rule_no":*terraform.ResourceAttrDiff{Old:"400", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2803523355.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3252518103.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1481667888.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3677405822.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2654803892.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1983976419.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1983976419.rule_no":*terraform.ResourceAttrDiff{Old:"1000", New:"1000", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3112760257.to_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3677405822.rule_no":*terraform.ResourceAttrDiff{Old:"1001", New:"1001", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.189940182.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1222510970.from_port":*terraform.ResourceAttrDiff{Old:"443", New:"443", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.from_port":*terraform.ResourceAttrDiff{Old:"", New:"8080", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.842259071.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1622673420.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4233684549.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.to_port":*terraform.ResourceAttrDiff{Old:"8080", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.842259071.rule_no":*terraform.ResourceAttrDiff{Old:"800", New:"800", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2803523355.rule_no":*terraform.ResourceAttrDiff{Old:"500", New:"500", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.4038781204.protocol":*terraform.ResourceAttrDiff{Old:"17", New:"udp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.4038781204.from_port":*terraform.ResourceAttrDiff{Old:"1024", New:"1024", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.to_port":*terraform.ResourceAttrDiff{Old:"22", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1222510970.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2236105650.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.4038781204.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.866173816.rule_no":*terraform.ResourceAttrDiff{Old:"100", New:"100", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1453271636.rule_no":*terraform.ResourceAttrDiff{Old:"900", New:"900", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.action":*terraform.ResourceAttrDiff{Old:"", New:"allow", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1453271636.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1622673420.cidr_block":*terraform.ResourceAttrDiff{Old:"104.192.143.66/32", New:"104.192.143.66/32", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2803523355.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2810421381.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.rule_no":*terraform.ResourceAttrDiff{Old:"", New:"300", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2179305320.rule_no":*terraform.ResourceAttrDiff{Old:"600", New:"600", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2179305320.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1222510970.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3351053860.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.from_port":*terraform.ResourceAttrDiff{Old:"", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.rule_no":*terraform.ResourceAttrDiff{Old:"300", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2803523355.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2654803892.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.from_port":*terraform.ResourceAttrDiff{Old:"", New:"8080", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.icmp_type":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2778032303.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1222510970.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.866173816.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.189940182.rule_no":*terraform.ResourceAttrDiff{Old:"1003", New:"1003", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4233684549.to_port":*terraform.ResourceAttrDiff{Old:"22", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.to_port":*terraform.ResourceAttrDiff{Old:"22", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2810421381.protocol":*terraform.ResourceAttrDiff{Old:"17", New:"udp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2803523355.from_port":*terraform.ResourceAttrDiff{Old:"53", New:"53", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1222510970.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.to_port":*terraform.ResourceAttrDiff{Old:"8080", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.protocol":*terraform.ResourceAttrDiff{Old:"", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.from_port":*terraform.ResourceAttrDiff{Old:"", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4233684549.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1983976419.protocol":*terraform.ResourceAttrDiff{Old:"17", New:"udp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.842259071.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.rule_no":*terraform.ResourceAttrDiff{Old:"", New:"1101", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1481667888.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1222510970.to_port":*terraform.ResourceAttrDiff{Old:"443", New:"443", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4233684549.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1453271636.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3112760257.rule_no":*terraform.ResourceAttrDiff{Old:"1005", New:"1005", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2778032303.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.0/22", New:"10.5.24.0/22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3252518103.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.to_port":*terraform.ResourceAttrDiff{Old:"", New:"8080", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2361790184.from_port":*terraform.ResourceAttrDiff{Old:"22", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.0/25", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2778032303.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3252518103.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.icmp_type":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2179305320.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3112760257.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4233684549.from_port":*terraform.ResourceAttrDiff{Old:"22", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1622673420.rule_no":*terraform.ResourceAttrDiff{Old:"1004", New:"1004", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.action":*terraform.ResourceAttrDiff{Old:"allow", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2179305320.from_port":*terraform.ResourceAttrDiff{Old:"53", New:"53", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3677405822.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2654803892.to_port":*terraform.ResourceAttrDiff{Old:"80", New:"80", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4260209151.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.icmp_type":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2361790184.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.189940182.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.rule_no":*terraform.ResourceAttrDiff{Old:"", New:"400", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1453271636.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4233684549.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.4038781204.rule_no":*terraform.ResourceAttrDiff{Old:"700", New:"700", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2361790184.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.0/22", New:"10.5.24.0/22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3252518103.cidr_block":*terraform.ResourceAttrDiff{Old:"104.192.143.1/32", New:"104.192.143.1/32", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1222510970.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2236105650.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3252518103.rule_no":*terraform.ResourceAttrDiff{Old:"1000", New:"1000", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3351053860.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2654803892.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2236105650.from_port":*terraform.ResourceAttrDiff{Old:"1024", New:"1024", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.866173816.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1222510970.rule_no":*terraform.ResourceAttrDiff{Old:"200", New:"200", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2778032303.rule_no":*terraform.ResourceAttrDiff{Old:"500", New:"500", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"${data.aws_subnet.app.1.cidr_block}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4233684549.rule_no":*terraform.ResourceAttrDiff{Old:"300", New:"300", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3351053860.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.from_port":*terraform.ResourceAttrDiff{Old:"", New:"8080", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.189940182.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2179305320.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.0/22", New:"10.5.24.0/22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.protocol":*terraform.ResourceAttrDiff{Old:"", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3351053860.rule_no":*terraform.ResourceAttrDiff{Old:"800", New:"800", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2778032303.from_port":*terraform.ResourceAttrDiff{Old:"3306", New:"3306", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1481667888.to_port":*terraform.ResourceAttrDiff{Old:"65535", New:"65535", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.189940182.from_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.to_port":*terraform.ResourceAttrDiff{Old:"", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2654803892.rule_no":*terraform.ResourceAttrDiff{Old:"100", New:"100", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"${data.aws_subnet.app.0.cidr_block}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1453271636.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.189940182.cidr_block":*terraform.ResourceAttrDiff{Old:"104.192.143.65/32", New:"104.192.143.65/32", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.to_port":*terraform.ResourceAttrDiff{Old:"", New:"8080", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.rule_no":*terraform.ResourceAttrDiff{Old:"1301", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.action":*terraform.ResourceAttrDiff{Old:"", New:"allow", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4260209151.cidr_block":*terraform.ResourceAttrDiff{Old:"104.192.143.3/32", New:"104.192.143.3/32", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1222510970.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1453271636.from_port":*terraform.ResourceAttrDiff{Old:"465", New:"465", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.action":*terraform.ResourceAttrDiff{Old:"", New:"allow", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"${data.aws_subnet.app.1.cidr_block}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1222510970.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2778032303.to_port":*terraform.ResourceAttrDiff{Old:"3306", New:"3306", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.from_port":*terraform.ResourceAttrDiff{Old:"8080", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.128/25", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2810421381.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.866173816.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4260209151.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1983976419.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2236105650.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.icmp_type":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.from_port":*terraform.ResourceAttrDiff{Old:"22", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.4038781204.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.action":*terraform.ResourceAttrDiff{Old:"allow", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.protocol":*terraform.ResourceAttrDiff{Old:"", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.to_port":*terraform.ResourceAttrDiff{Old:"8080", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.189940182.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2654803892.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.icmp_code":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.rule_no":*terraform.ResourceAttrDiff{Old:"1101", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4260209151.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3112760257.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.action":*terraform.ResourceAttrDiff{Old:"", New:"allow", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2654803892.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1481667888.from_port":*terraform.ResourceAttrDiff{Old:"1024", New:"1024", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1453271636.to_port":*terraform.ResourceAttrDiff{Old:"587", New:"587", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.128/25", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.action":*terraform.ResourceAttrDiff{Old:"allow", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"${data.aws_subnet.app.1.cidr_block}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2179305320.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.action":*terraform.ResourceAttrDiff{Old:"allow", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2778032303.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1222510970.rule_no":*terraform.ResourceAttrDiff{Old:"200", New:"200", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.action":*terraform.ResourceAttrDiff{Old:"allow", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2236105650.to_port":*terraform.ResourceAttrDiff{Old:"65535", New:"65535", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4233684549.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4260209151.rule_no":*terraform.ResourceAttrDiff{Old:"1002", New:"1002", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.866173816.cidr_block":*terraform.ResourceAttrDiff{Old:"10.0.100.210/32", New:"10.0.100.210/32", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2810421381.to_port":*terraform.ResourceAttrDiff{Old:"123", New:"123", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1481667888.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.3170124111.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.icmp_type":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.128/25", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.to_port":*terraform.ResourceAttrDiff{Old:"", New:"8080", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4260209151.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.866173816.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1090128820.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.icmp_code":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1983976419.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.189940182.to_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3677405822.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.action":*terraform.ResourceAttrDiff{Old:"", New:"allow", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2361790184.rule_no":*terraform.ResourceAttrDiff{Old:"900", New:"900", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3351053860.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1983976419.from_port":*terraform.ResourceAttrDiff{Old:"123", New:"123", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2654803892.from_port":*terraform.ResourceAttrDiff{Old:"80", New:"80", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1622673420.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.from_port":*terraform.ResourceAttrDiff{Old:"8080", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.842259071.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.4038781204.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.rule_no":*terraform.ResourceAttrDiff{Old:"", New:"1300", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1481667888.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.866173816.from_port":*terraform.ResourceAttrDiff{Old:"22", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3351053860.from_port":*terraform.ResourceAttrDiff{Old:"25", New:"25", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.to_port":*terraform.ResourceAttrDiff{Old:"8080", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3112760257.cidr_block":*terraform.ResourceAttrDiff{Old:"104.192.143.67/32", New:"104.192.143.67/32", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2236105650.rule_no":*terraform.ResourceAttrDiff{Old:"400", New:"400", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.rule_no":*terraform.ResourceAttrDiff{Old:"1300", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.866173816.to_port":*terraform.ResourceAttrDiff{Old:"22", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2361790184.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2179305320.to_port":*terraform.ResourceAttrDiff{Old:"53", New:"53", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1622673420.to_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.protocol":*terraform.ResourceAttrDiff{Old:"", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3351053860.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2810421381.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.4038781204.to_port":*terraform.ResourceAttrDiff{Old:"65535", New:"65535", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.action":*terraform.ResourceAttrDiff{Old:"allow", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2810421381.rule_no":*terraform.ResourceAttrDiff{Old:"700", New:"700", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3677405822.cidr_block":*terraform.ResourceAttrDiff{Old:"104.192.143.2/32", New:"104.192.143.2/32", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2441358607.from_port":*terraform.ResourceAttrDiff{Old:"8080", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2361790184.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1622673420.from_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2810421381.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3351053860.to_port":*terraform.ResourceAttrDiff{Old:"25", New:"25", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1222510970.to_port":*terraform.ResourceAttrDiff{Old:"443", New:"443", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.rule_no":*terraform.ResourceAttrDiff{Old:"", New:"1100", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.4260209151.from_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.icmp_code":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2839617562.from_port":*terraform.ResourceAttrDiff{Old:"8080", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1222510970.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.icmp_code":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.protocol":*terraform.ResourceAttrDiff{Old:"", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2332461370.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1481667888.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2778032303.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1983976419.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3112760257.from_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.842259071.to_port":*terraform.ResourceAttrDiff{Old:"80", New:"80", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1481667888.rule_no":*terraform.ResourceAttrDiff{Old:"600", New:"600", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2803523355.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.0/22", New:"10.5.24.0/22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.4038781204.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.rule_no":*terraform.ResourceAttrDiff{Old:"1100", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.to_port":*terraform.ResourceAttrDiff{Old:"", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3677405822.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.842259071.cidr_block":*terraform.ResourceAttrDiff{Old:"0.0.0.0/0", New:"0.0.0.0/0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.1755764295.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.0/25", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2803523355.to_port":*terraform.ResourceAttrDiff{Old:"53", New:"53", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~3175836470.rule_no":*terraform.ResourceAttrDiff{Old:"", New:"1301", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2810421381.from_port":*terraform.ResourceAttrDiff{Old:"123", New:"123", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2179305320.protocol":*terraform.ResourceAttrDiff{Old:"17", New:"udp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.842259071.from_port":*terraform.ResourceAttrDiff{Old:"80", New:"80", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1622673420.protocol":*terraform.ResourceAttrDiff{Old:"6", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3677405822.to_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2282655795.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "subnet_ids.#":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.275189847.cidr_block":*terraform.ResourceAttrDiff{Old:"10.5.24.0/25", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.842259071.icmp_code":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2361790184.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~4237690861.icmp_type":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.2361790184.to_port":*terraform.ResourceAttrDiff{Old:"22", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "ingress.~2694256893.to_port":*terraform.ResourceAttrDiff{Old:"", New:"8080", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3112760257.icmp_type":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.2236105650.ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.1222510970.from_port":*terraform.ResourceAttrDiff{Old:"443", New:"443", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.3677405822.from_port":*terraform.ResourceAttrDiff{Old:"9418", New:"9418", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"${data.aws_subnet.app.0.cidr_block}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "egress.~1562802303.icmp_code":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}
Diff Two (usually from apply): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff(nil), Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}

_Private Subnet Module:_

main.tf:

/**
 * Region
 */

provider "aws" {
  region  = "${var.aws_region}"
  profile = "${var.profile}"
  version = "<=1.24.0"
}

/**
 * private subnets
 */

resource "aws_subnet" "private" {
  vpc_id            = "${var.vpc_id}"
  cidr_block        = "${element(keys(var.private_subnets), count.index)}"
  availability_zone = "${element(var.availability_zones, count.index)}"
  count             = "${length(var.private_subnets)}"

  tags {
    Name         = "${format("%s-%s-private-%s-%d", var.name, lookup(var.private_subnets, element(keys(var.private_subnets), count.index)), element(split("-", element(var.availability_zones, count.index)),2), count.index+1)}"
    role         = "${lookup(var.private_subnets, element(keys(var.private_subnets), count.index))}"
    az           = "${element(var.availability_zones, count.index)}"
    environment  = "${var.environment}"
    organization = "${var.organization}"
    businessunit = "${var.businessunit}"
  }
}

/**
 * Route Tables
 */

resource "aws_route_table" "private" {
  vpc_id = "${var.vpc_id}"
  count  = "${length(var.private_subnets)}"

  tags {
    Name         = "${format("%s-%s-rt-private-%s-%d", var.name, lookup(var.private_subnets, element(keys(var.private_subnets), count.index)), element(split("-", element(var.availability_zones, count.index)),2), count.index+1)}"
    role         = "${lookup(var.private_subnets, element(keys(var.private_subnets), count.index))}"
    az           = "${element(var.availability_zones, count.index)}"
    environment  = "${var.environment}"
    organization = "${var.organization}"
    businessunit = "${var.businessunit}"
  }
}

resource "aws_route" "private-nat" {
  count                  = "${length(var.nat_gateway_map) * length(var.availability_zones)}"
  route_table_id         = "${element(data.aws_route_table.natroutetables.*.id, count.index)}"
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = "${element(split(",", var.nat_gateway_ids), count.index)}"

  //  lifecycle {
  //    create_before_destroy = true
  //  }
}

resource "aws_route" "private-vpg" {
  count                  = "${length(var.vpg_map) * length(var.vpg_cidr) * length(var.availability_zones)}"
  route_table_id         = "${element(data.aws_route_table.vpgroutetables.*.id, count.index)}"
  destination_cidr_block = "${element(var.vpg_cidr, floor(count.index/(length(var.vpg_map)*length(var.availability_zones))))}"
  gateway_id             = "${var.vpn_gateway_id}"
}

resource "aws_route_table_association" "private" {
  count          = "${length(var.private_subnets)}"
  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
}

resource "aws_vpc_endpoint" "private-s3" {
    vpc_id       = "${var.vpc_id}"
    service_name = "com.amazonaws.${var.aws_region}.s3"
    count          = "${length(var.private_subnets)}"
    route_table_ids = [ "${element(aws_route_table.private.*.id, count.index)}" ]
    policy = <<POLICY
    {
        "Statement": [
            {
                "Action": "*","Effect": "Allow","Resource": "*","Principal": "*"
            }
        ]
    }
    POLICY
}

output "private_subnet_ids" {
  value = "${join(",", aws_subnet.private.*.id)}"
}

acl.tf

/**
 * File to define multiple security groups based on type of application
 *
 */

resource "aws_network_acl" "db" {
  vpc_id     = "${var.vpc_id}"
  subnet_ids = ["${data.aws_subnet.db.*.id}"]

  // allowing return traffic of all requests initiated from db subnet itself
  // allows 9042 cassandra port from k8s subnet
  // allows 3306 mysql port from k8s subnets
  // allows 9092 kafka port from k8s subnets and db subnets itself
  // allows 2181 zookeeper port from kafka db subnets and k8s subnets
  // allows 9200, 9300 elasticsearch ports from k8s subnets
  // 2888, 3888 zookeeper port from db subnets to communicate with each other
  ingress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 100
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.1.cidr_block}"
  }

  ingress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 200
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.0.cidr_block}"
  }

  ingress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 300
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.db.1.cidr_block}"
  }

  ingress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 400
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.db.0.cidr_block}"
  }

  egress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 100
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // Alowing 80 and 443 to communicate with internet for any installation of packages or external repo access
  egress {
    from_port  = 80
    to_port    = 80
    rule_no    = 200
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  egress {
    from_port  = 443
    to_port    = 443
    rule_no    = 300
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // Alowing to communicate to internal dns server
  egress {
    from_port  = 53
    to_port    = 53
    rule_no    = 400
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${var.vpc_cidr}"
  }
  egress {
    from_port  = 53
    to_port    = 53
    rule_no    = 500
    action     = "allow"
    protocol   = "udp"
    cidr_block = "${var.vpc_cidr}"
  }

  count      = "${length(matchkeys(keys(var.private_subnets), values(var.private_subnets),list("db"))) >= 1 ? 1 : 0}"
  depends_on = ["aws_subnet.private"]
  tags {
    Name         = "${format("%s-acl-database", var.name)}"
    environment  = "${var.environment}"
    role         = "db"
    organization = "${var.organization}"
    businessunit = "${var.businessunit}"
  }
}

resource "aws_network_acl" "infra" {
  vpc_id     = "${var.vpc_id}"
  subnet_ids = ["${data.aws_subnet.infra.*.id}"]

  ingress {
    from_port  = 443
    to_port    = 443
    rule_no    = 200
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }

  ingress {
    from_port  = 22
    to_port    = 22
    rule_no    = 300
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.1.cidr_block}"
  }

  ingress {
    from_port  = 22
    to_port    = 22
    rule_no    = 400
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.0.cidr_block}"
  }

  ingress {
    from_port  = 3306
    to_port    = 3306
    rule_no    = 500
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${var.vpc_cidr}"
  }

  ingress {
    from_port  = 8080
    to_port    = 8080
    rule_no    = 1300
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.0.cidr_block}"
  }

  ingress {
    from_port  = 8080
    to_port    = 8080
    rule_no    = 1301
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.1.cidr_block}"
  }

  // Allowing return traffic of the requests initiated from the subnet itself
  // allowing intraffic from nat gateway at 5000 port to pull docker images from ctrls servers
  //allowing 8080 for jenkins UI
  // 9042 cassandra traffic coming from infra subnet
  ingress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 600
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // Allowing dns response from internal dns server
  // allows response of internet ntp server
  ingress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 700
    action     = "allow"
    protocol   = "udp"
    cidr_block = "0.0.0.0/0"
  }
  ingress {
    from_port  = 80
    to_port    = 80
    rule_no    = 800
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  #TODO: need to remove this
  // Allows to login from bastion server on katello server temporarily
  ingress {
    from_port  = 22
    to_port    = 22
    rule_no    = 900
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${var.vpc_cidr}"
  }
  // response of public ntp server to bank ntp server
  // allows bank infra to connect to saas ntp server
  ingress {
    from_port  = 123
    to_port    = 123
    rule_no    = 1000
    action     = "allow"
    protocol   = "udp"
    cidr_block = "0.0.0.0/0"
  }
  // Alowing 80 and 443 to communicate with internet for any installation of packages or external repo access
  egress {
    from_port  = 80
    to_port    = 80
    rule_no    = 100
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  egress {
    from_port  = 443
    to_port    = 443
    rule_no    = 200
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // Allowing to connect to bitbucket and also for deployment on ctrls servers
  // allows connectivity from jenkins master to all salt masters to update repo
  egress {
    from_port  = 22
    to_port    = 22
    rule_no    = 300
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  //allowing return traffic of all the requests coming to infra servers
  // also allowing 4505-4506 port to connect to salt master
  // allows response of 443 request coming from ite k8s
  // allows 6443 for jenkins to k8s master connectivity to deployment
  egress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 400
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // temporarily Alowing to communicate to internal dns server
  egress {
    from_port  = 53
    to_port    = 53
    rule_no    = 500
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${var.vpc_cidr}"
  }
  egress {
    from_port  = 53
    to_port    = 53
    rule_no    = 600
    action     = "allow"
    protocol   = "udp"
    cidr_block = "${var.vpc_cidr}"
  }
  // allows to connect to ntpserver on internet
  // allows reponse to bank ntp clients connecting to ntp server
  egress {
    from_port  = 123
    to_port    = 123
    rule_no    = 700
    action     = "allow"
    protocol   = "udp"
    cidr_block = "0.0.0.0/0"
  }
  // allowed smtp port to send mail on mysql failover from orchestrator
  egress {
    from_port  = 25
    to_port    = 25
    rule_no    = 800
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // allowed connectivity for port no 465-587 for sending mails via gmail smtp server for qa automation job on jenkins
  egress {
    from_port  = 465
    to_port    = 587
    rule_no    = 900
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }

  egress {
    from_port  = 8080
    to_port    = 8080
    rule_no    = 1100
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.0.cidr_block}"
  }
  egress {
    from_port  = 8080
    to_port    = 8080
    rule_no    = 1101
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.1.cidr_block}"
  }

  count      = "${length(matchkeys(keys(var.private_subnets), values(var.private_subnets),list("infra"))) >= 1 ? 1 : 0}"
  depends_on = ["aws_subnet.private"]
  tags {
    Name         = "${format("%s-acl-infra", var.name)}"
    environment  = "${var.environment}"
    role         = "infra"
    organization = "${var.organization}"
    businessunit = "${var.businessunit}"
  }
}

resource "aws_network_acl" "app" {
  vpc_id     = "${var.vpc_id}"
  subnet_ids = ["${data.aws_subnet.app.*.id}"]

  ingress {
    from_port  = 443
    to_port    = 443
    rule_no    = 200
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }

  ingress {
    from_port  = 22
    to_port    = 22
    rule_no    = 300
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.1.cidr_block}"
  }

  ingress {
    from_port  = 22
    to_port    = 22
    rule_no    = 400
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.0.cidr_block}"
  }

  ingress {
    from_port  = 3306
    to_port    = 3306
    rule_no    = 500
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${var.vpc_cidr}"
  }

  ingress {
    from_port  = 8080
    to_port    = 8080
    rule_no    = 1300
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.0.cidr_block}"
  }

  ingress {
    from_port  = 8080
    to_port    = 8080
    rule_no    = 1301
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.1.cidr_block}"
  }

  // Allows to login from bastion server on katello server temporarily
  ingress {
    from_port  = 22
    to_port    = 22
    rule_no    = 900
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${var.vpc_cidr}"
  }
  // response of public ntp server to bank ntp server
  // allows bank infra to connect to saas ntp server
  ingress {
    from_port  = 123
    to_port    = 123
    rule_no    = 1000
    action     = "allow"
    protocol   = "udp"
    cidr_block = "0.0.0.0/0"
  }
  //port required for allowing access on infra sftp server from k8s nodes
  egress {
    from_port  = 80
    to_port    = 80
    rule_no    = 100
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  egress {
    from_port  = 443
    to_port    = 443
    rule_no    = 200
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // Allowing to connect to bitbucket and also for deployment on ctrls servers
  // allows connectivity from jenkins master to all salt masters to update repo
  egress {
    from_port  = 22
    to_port    = 22
    rule_no    = 300
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  //allowing return traffic of all the requests coming to infra servers
  // also allowing 4505-4506 port to connect to salt master
  // allows response of 443 request coming from ite k8s
  // allows 6443 for jenkins to k8s master connectivity to deployment
  egress {
    from_port  = 1024
    to_port    = 65535
    rule_no    = 400
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // temporarily Alowing to communicate to internal dns server
  egress {
    from_port  = 53
    to_port    = 53
    rule_no    = 500
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${var.vpc_cidr}"
  }
  egress {
    from_port  = 53
    to_port    = 53
    rule_no    = 600
    action     = "allow"
    protocol   = "udp"
    cidr_block = "${var.vpc_cidr}"
  }
  // allows to connect to ntpserver on internet
  // allows reponse to bank ntp clients connecting to ntp server
  egress {
    from_port  = 123
    to_port    = 123
    rule_no    = 700
    action     = "allow"
    protocol   = "udp"
    cidr_block = "0.0.0.0/0"
  }
  // allowed smtp port to send mail on mysql failover from orchestrator
  egress {
    from_port  = 25
    to_port    = 25
    rule_no    = 800
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }
  // allowed connectivity for port no 465-587 for sending mails via gmail smtp server for qa automation job on jenkins
  egress {
    from_port  = 465
    to_port    = 587
    rule_no    = 900
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "0.0.0.0/0"
  }

  egress {
    from_port  = 8080
    to_port    = 8080
    rule_no    = 1100
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.0.cidr_block}"
  }
  egress {
    from_port  = 8080
    to_port    = 8080
    rule_no    = 1101
    action     = "allow"
    protocol   = "tcp"
    cidr_block = "${data.aws_subnet.app.1.cidr_block}"
  }
  count = "${length(matchkeys(keys(var.private_subnets), values(var.private_subnets),list("app"))) >= 1 ? 1 : 0}"
  depends_on = ["aws_subnet.private"]
  tags {
    Name         = "${format("%s-acl-app", var.name)}"
    environment  = "${var.environment}"
    role         = "app"
    organization = "${var.organization}"
    businessunit = "${var.businessunit}"
  }
}

data_source.tf

/**
 * Find subnet id based on type of instance.. values is component_type
 */

data "aws_route_table" "natroutetables" {
  vpc_id = "${var.vpc_id}"

  filter {
    name   = "tag:role"
    values = ["${element(var.nat_gateway_map, count.index/length(var.availability_zones))}"]
  }

  filter {
    name   = "tag:az"
    values = ["${element(var.availability_zones, count.index)}"]
  }

  filter {
    name   = "tag:environment"
    values = ["${var.environment}"]
  }

  count      = "${length(var.nat_gateway_map) * length(var.availability_zones)}"
  depends_on = ["aws_route_table.private"]
}

data "aws_route_table" "vpgroutetables" {
  vpc_id = "${var.vpc_id}"

  filter {
    name   = "tag:role"
    values = ["${element(var.vpg_map, count.index/length(var.availability_zones))}"]
  }

  filter {
    name   = "tag:az"
    values = ["${element(var.availability_zones, count.index)}"]
  }

  filter {
    name   = "tag:environment"
    values = ["${var.environment}"]
  }

  count      = "${length(var.vpg_map) * length(var.availability_zones)}"
  depends_on = ["aws_route_table.private"]
}

data "aws_subnet" "db" {
  vpc_id = "${var.vpc_id}"

  filter {
    name   = "tag:role"
    values = ["db"]
  }

  filter {
    name   = "tag:az"
    values = ["${element(var.availability_zones, count.index)}"]
  }

  filter {
    name   = "tag:environment"
    values = ["${var.environment}"]
  }
//  depends_on = ["aws_subnet.private"]
  count = "${length(matchkeys(keys(var.private_subnets), values(var.private_subnets),list("db"))) >= 1 ? length(var.availability_zones) : 0}"
}

data "aws_subnet" "infra" {
  vpc_id = "${var.vpc_id}"

  filter {
    name   = "tag:role"
    values = ["infra"]
  }

  filter {
    name   = "tag:az"
    values = ["${element(var.availability_zones, count.index)}"]
  }

  filter {
    name   = "tag:environment"
    values = ["${var.environment}"]
  }
//  depends_on = ["aws_subnet.private"]
  count = "${length(matchkeys(keys(var.private_subnets), values(var.private_subnets),list("infra"))) >= 1 ? length(var.availability_zones) : 0}"
}

/*// temporarily creating it as we do not have vpn from office
data "aws_subnet" "elb" {
  vpc_id = "${var.vpc_id}"

  filter {
    name   = "tag:role"
    values = ["elb"]
  }

  filter {
    name   = "tag:az"
    values = ["${element(var.availability_zones, count.index)}"]
  }

  filter {
    name   = "tag:environment"
    values = ["${var.environment}"]
  }

  count = "${length(var.availability_zones)}"
}*/

data "aws_subnet" "app" {
  vpc_id = "${var.vpc_id}"

  filter {
    name   = "tag:role"
    values = ["app"]
  }

  filter {
    name   = "tag:az"
    values = ["${element(var.availability_zones, count.index)}"]
  }

  filter {
    name   = "tag:environment"
    values = ["${var.environment}"]
  }

  depends_on = ["aws_subnet.private"]
  count = "${length(matchkeys(keys(var.private_subnets), values(var.private_subnets),list("app"))) >= 1 ? length(var.availability_zones) : 0}"
}

output "app_cidr" {
  value = ["${data.aws_subnet.app.*.cidr_block}"]
}

output "infra_cidr" {
  value = ["${data.aws_subnet.infra.*.cidr_block}"]
}

output "db_cidr" {
  value = ["${data.aws_subnet.db.*.cidr_block}"]
}

input .tf file

 module "private_subnet" {
   source      = "../../../../modules/private_subnet"
   name        = "prod"
   environment = "prod"
   vpc_id      = "${module.vpc.vpc_id}"
   vpc_cidr    = "${module.vpc.vpc_cidr}"

   private_subnets = {
     "x.x.x.x/25"   = "infra"
     "x.x.x.x/25" = "infra"
     "x.x.x.x/26" = "db"
     "x.x.x.x/26" = "db"
     "x.x.x.x/25"   = "app"
     "x.x.x.x/25" = "app"
   }

   vpn_gateway_id = "${module.vpn.vpg_id}"
   vpg_map        = ["infra", "db", "app"]
   vpg_cidr       = ["x.x.x.x/32", "x.x.x.x/29"]

   nat_gateway_ids = "${module.nat.nat_gateway_ids}"
   nat_gateway_map = ["infra", "db", "app"]
   profile         = "prod"
 }

[bflad]

Hi @Prashantpv 👋 Sorry you ran into this confusing error and thank you for reporting it. There have been a lot of relevant changes in the Terraform Core and Terraform AWS Provider codebases since this issue was originally reported so as a first step it might be best to try updating to recent versions of both and seeing if any of those updates may have resolved this issue.

Attempting to troubleshoot these types of errors is very difficult in Terraform 0.11 and earlier as those versions will report this problem (diffs didn't match during apply error) where a problematic configuration value exists or is referenced and not where the Terraform resource with the underlying problem actually exists. We typically will need much more information than the original error message suggests for filing the issue (e.g. the full Terraform configuration). There are also frequent issues in the Terraform 0.11 error reporting where the error message is due to behavior outside the control of the Terraform resources themselves (e.g. lifecycle configurations).

In Terraform 0.12 and later, the "value did not match" type of error can now be found with the newer Provider produced inconsistent result after apply error, which better reports the source of the problem so the provider maintainers and community can more easily work towards a fix of the issue. Other similar errors that fell previously into diffs didn't match during apply errors, but outside problems within the Terraform provider are also better diagnosed before being displayed.

Since the majority of the Terraform code path and reporting structure of these errors has changed between Terraform 0.11 and 0.12, along with the difficult triage process in Terraform 0.11 and earlier, the maintainers prefer to close these older issues to continue troubleshooting and fixing based on Terraform 0.12's error reporting instead. I apologize for this unsatisfying closure of this particular version of the issue.

That said, if the configuration does happen to reproduce the newer Provider produced inconsistent result after apply error in Terraform 0.12 (which requires Terraform AWS Provider version 2.7.0 or later), please do not hesitate to file a new issue and complete all of the information requested in the Bug Report template so we can hopefully get the root cause for fixing the issue. Thanks again for this bug report and sorry about the additional steps for getting a potential fix implemented.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!