terraform-aws-modules / terraform-aws-security-group

Terraform module to create AWS Security Group resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws

Error: "" is not a valid CIDR block: invalid CIDR address #276

Closed feyzee closed 1 year ago

feyzee commented 1 year ago

Description

When creating a security group for an EC2 instance I'm encountering this issue if there is an ingress_with_ipv6_cidr_blocks rule specified. I've tried with an all-public CIDR block and a private one; both have this issue. This goes away if I comment out the code.

Earlier I thought it might be related to the VPC not having IPv6 enabled, but even after adding enable_ipv6 = true in the VPC module (v3.18.1) the issue persists. I've added the code below in the Reproduction Code section. Here's the error I'm getting:

│ Error: "" is not a valid CIDR block: invalid CIDR address:
│
│   with module.ec2_sg.aws_security_group_rule.ingress_with_ipv6_cidr_blocks[0],
│   on .terraform/modules/ec2_sg/main.tf line 287, in resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks":
│  287:   ipv6_cidr_blocks = split(
│  288:     ",",
│  289:     lookup(
│  290:       var.ingress_with_ipv6_cidr_blocks[count.index],
│  291:       "ipv6_cidr_blocks",
│  292:       join(",", var.ingress_ipv6_cidr_blocks),
│  293:     ),
│  294:   )

Versions

Terraform v1.3.6 on linux_amd64

  • provider registry.terraform.io/hashicorp/aws v4.48.0
  • provider registry.terraform.io/hashicorp/random v3.4.3

Your version of Terraform is out of date! The latest version is 1.3.7. You can update by downloading from https://www.terraform.io/downloads.html

Reproduction Code

module "ec2_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "EC2-SG"
  description = "Security group for EC2 with HTTPS ports open within VPC"
  vpc_id      = module.vpc.vpc_id

  ingress_with_cidr_blocks = [
    {
      description = "EC2-IPV4"
      rule        = "https-443-tcp"
      cidr_blocks = "0.0.0.0/0"
    }
  ]

  ingress_with_ipv6_cidr_blocks = [
    {
      description = "EC2-IPV6"
      rule        = "https-443-tcp"
      cidr_blocks = "::/0"
    }
  ]
}

module "ec2" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name                        = "ec2_host"
  ami                         = var.ec2_host_ami_id
  instance_type               = var.instance_type
  subnet_id                   = element(module.vpc.public_subnets, 0)
  vpc_security_group_ids      = [module.ec2_sg.security_group_id]
  key_name                    = var.keypair
  associate_public_ip_address = true
  disable_api_termination     = true
}

Steps to reproduce the behavior:

  1. Are you using workspaces? No. Statefile backend is S3.

  2. List steps in order that led up to the issue you encountered

    terraform init
    terraform plan

magreenbaum commented 1 year ago

Inside the ingress_with_ipv6_cidr_blocks section, I believe the argument should be ipv6_cidr_blocks. So from your reproduction code: ipv6_cidr_blocks = "::/0" instead of cidr_blocks = "::/0".

feyzee commented 1 year ago

@magreenbaum that worked, thanks.
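
Why the wrong key surfaces as an empty-string CIDR, as an added example (not code from the module or from this thread): it emulates in Python the split/lookup/join expression shown in the error output and checks rule maps before `terraform plan`. It assumes `var.ingress_ipv6_cidr_blocks` is an empty list when unset, as in the reproduction code; `resolve_ipv6_cidrs` and `check_rule` are hypothetical helper names.

```python
import ipaddress

# Rule maps constructed from the issue's reproduction code and the suggested fix.
BROKEN = {"description": "EC2-IPV6", "rule": "https-443-tcp", "cidr_blocks": "::/0"}
FIXED = {"description": "EC2-IPV6", "rule": "https-443-tcp", "ipv6_cidr_blocks": "::/0"}


def resolve_ipv6_cidrs(rule, module_wide=()):
    """Emulate split(",", lookup(rule, "ipv6_cidr_blocks", join(",", module_wide))).

    module_wide stands in for var.ingress_ipv6_cidr_blocks (assumed empty when unset).
    Like Terraform's split, Python's "".split(",") returns [""], not [].
    """
    return rule.get("ipv6_cidr_blocks", ",".join(module_wide)).split(",")


def check_rule(rule, module_wide=()):
    """Return findings for one ingress_with_ipv6_cidr_blocks entry (hypothetical helper)."""
    findings = []
    if "cidr_blocks" in rule:
        findings.append("'cidr_blocks' is not read by this lookup; use 'ipv6_cidr_blocks'")
    if "ipv6_cidr_blocks" not in rule:
        findings.append(f"no 'ipv6_cidr_blocks' key; falls back to {list(module_wide)!r}")
    for cidr in resolve_ipv6_cidrs(rule, module_wide):
        try:
            if ipaddress.ip_network(cidr, strict=False).version != 6:
                findings.append(f'"{cidr}" is not an IPv6 CIDR block')
        except ValueError:
            findings.append(f'"{cidr}" is not a valid CIDR block')
    return findings


if __name__ == "__main__":
    for name, rule in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, resolve_ipv6_cidrs(rule), check_rule(rule))
    # Constructed case: a non-empty module-wide list hides the typo from plan.
    print("inherited", resolve_ipv6_cidrs(BROKEN, ["2001:db8::/32"]))
```

With a non-empty module-wide list the mis-keyed rule plans without error and takes that list instead of the CIDR written in the rule, so the key check is worth running even when `terraform plan` succeeds.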
