int128 / terraform-aws-nat-instance

Terraform module to provision a NAT Instance using an Auto Scaling Group and Spot Instance from $1/month
https://registry.terraform.io/modules/int128/nat-instance/aws/
Apache License 2.0
175 stars 90 forks

Allow all ingress traffic #21

Closed thongdong7 closed 4 years ago

thongdong7 commented 4 years ago

To fix issue https://github.com/int128/terraform-aws-nat-instance/issues/20

int128 commented 4 years ago

Thank you for your contribution!

hcarver commented 4 years ago

FYI @int128 this merge broke our use of this Terraform module; we were surprised by that too, given the nature of the change!

Error: Error revoking security group sg-<some code> rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.

Manually editing the security group rules in the AWS console was not sufficient to fix it. After editing them to be for all protocols (not just TCP), we saw this:

Error: [WARN] A duplicate Security Group rule was found on (sg-<some code>). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
information and instructions for recovery. Error message: the specified rule "peer: <some CIDR>, ALL, ALLOW" already exists

The fix for us was to delete the existing ingress rules, plan and apply. That's OK for us as our NAT is very low traffic, but this fix will not be palatable for all users!
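The failure hcarver describes follows from how `aws_security_group_rule` is modelled: its protocol and port attributes force replacement, so an apply that changes a rule from TCP to all protocols first revokes the old rule and then authorizes the new one. If the old rule has already been altered by hand in the console, the revoke step reports `InvalidPermission.NotFound`, and a hand-made "ALL" rule then makes the authorize step fail as a duplicate. The configuration below is an added example written for this thread, not the module's own code; the variable names, the `nat` security group and the sample CIDRs are assumptions, and the "before" rule is reconstructed from the comment's description (TCP only) rather than from the PR diff, which is not shown on this page.

```hcl
# Added example (not the module's own code): how the PR's ingress change looks
# in Terraform and why an out-of-band console edit breaks the apply.
# Assumed names: var.vpc_id, var.private_cidrs, aws_security_group.nat.

variable "vpc_id" {
  type = string
}

# Assumption: a NAT instance only needs to accept traffic from the private
# subnets it forwards for, so ingress is scoped to their CIDRs, not 0.0.0.0/0.
variable "private_cidrs" {
  type    = list(string)
  default = ["10.0.1.0/24", "10.0.2.0/24"] # constructed sample values
}

resource "aws_security_group" "nat" {
  name_prefix = "nat-instance-"
  vpc_id      = var.vpc_id
}

# Before the PR, as the thread describes it: TCP only (reconstructed, not the diff).
# protocol/from_port/to_port on aws_security_group_rule force replacement, so
# changing them makes Terraform REVOKE this exact rule before AUTHORIZING the new
# one. If the rule was already changed in the console, the revoke fails with
# InvalidPermission.NotFound because the rule recorded in state no longer exists.
#
# resource "aws_security_group_rule" "ingress" {
#   type              = "ingress"
#   security_group_id = aws_security_group.nat.id
#   protocol          = "tcp"
#   from_port         = 0
#   to_port           = 65535
#   cidr_blocks       = var.private_cidrs
# }

# After the PR: all protocols ("-1"), which a NAT instance needs so that UDP and
# ICMP from the private subnets are forwarded, not only TCP. With protocol "-1"
# the ports must be 0/0. Keeping cidr_blocks on the private ranges limits the
# blast radius of "allow all ingress" to hosts that should reach the NAT anyway.
resource "aws_security_group_rule" "ingress" {
  type              = "ingress"
  security_group_id = aws_security_group.nat.id
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = var.private_cidrs
}

# Egress is declared explicitly so the group's outbound behaviour is visible in
# code rather than inherited from the default allow-all.
resource "aws_security_group_rule" "egress" {
  type              = "egress"
  security_group_id = aws_security_group.nat.id
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}
```

When the state and the live group have already diverged, the least destructive recovery is to drop the stale entry with `terraform state rm aws_security_group_rule.ingress`, then either `terraform import` the rule that now exists in the console (using the rule ID format documented by the AWS provider) or, as hcarver did, delete the console-made ingress rules and let `terraform apply` recreate them; review the plan first, since on a NAT instance the revoke/authorize window is a short loss of connectivity for every private subnet behind it.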

int128 commented 4 years ago

@hcarver Thank you for pointing out the issue! I just released the fixed version. Sorry I didn't test this PR on my environment actually.