hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Security Group References in a Peered VPC #5568

Closed: rodlogic closed 8 years ago

rodlogic commented 8 years ago

On March 1st, AWS announced Security Group references in a peered VPC.

Since support for this in the AWS Go SDK was added in 1.1.8, it would be a good idea to upgrade to 1.1.8, at least (latest is 1.1.9). The current version in use by Terraform seems to be 1.1.2.

phinze commented 8 years ago

Hi @rodlogic, the vendored library is updated now - what else do we need in Terraform to support this behavior?

rodlogic commented 8 years ago

As far as I know, the new SDK should fix the issue. If it is not too much trouble building master I can try it to verify.

rodlogic commented 8 years ago

I gave a quick shot at building terraform on my OSX laptop without luck. If you have a simple way to generate a binary for OSX, I am happy to take it and test this on my project.

rodlogic commented 8 years ago

I tested again with v0.6.3, which now uses AWS GoSDK v1.1.9, but unfortunately I am seeing the same issue:

* aws_security_group_rule.OPS-ENV-ICMP-EGRESS: Error authorizing security group rule type egress: InvalidGroup.NotFound: You have specified two resources that belong to different networks.
    status code: 400, request id:

The issue went away once I upgraded to the latest aws-cli/1.10.14 Python/2.7.10 Darwin/15.3.0 botocore/1.4.5 (testing from the command-line). So I am wondering if the problem is actually in the AWS Go SDK.

phinze commented 8 years ago

@rodlogic Terraform 0.6.14 is using aws-sdk-go v1.1.12 released 6 days ago. I believe that should have the proper behavior now. Are you able to re-test this with 0.6.14?

rodlogic commented 8 years ago

I can confirm that this is now fixed.

dusansusic commented 4 years ago

4 years later:

Error: error creating EKS Node Group (eks-nodes): InvalidParameterException: Security group(s) [sg-xxxxxxxxx] are not in the same VPC as the subnets. Please specify a security group that is associated with the VPC: vpc-xxxxxxxxxxxxx.

I have 2 peered VPCs. Over the AWS console, I am able to add security_group_id to the other SG, but with Terraform I get the error above.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.