terraform-aws-modules / terraform-aws-security-group

Terraform module to create AWS Security Group resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws

InvalidPermission.Duplicate when using prefix lists #321

Closed rnikoopour closed 3 months ago

rnikoopour commented 5 months ago

Description

When using prefix lists as shown in the example an error is thrown about duplicate entries

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

Reproduction Code [Required]

Steps to reproduce the behavior:

module "security_group" {
    source = "terraform-aws-modules/security-group/aws"
    version = "~> 5.0"

    name = "foo"
    description = "bar"
    vpc_id = "<vpc_id>"

    ingress_prefix_list_ids = ["<id1>", "<id2>"]
    ingress_with_prefix_list_ids = [{
        rule = "postgresql-tcp"
    }]

    ingress_with_source_security_group_id = [
        {
            source_security_group_id = "<sg_id>"
            rule = "postgresql-tcp"
        }
    ]

    egress_rules = [
        "all-all"
    ]
}

Apply the above terraform.

Expected behavior

Prefix lists can be used without any errors

Actual behavior

Error thrown when using prefix lists about duplicate entries in the security group.

Terminal Output Screenshot(s)

Additional context

The error generated links to https://github.com/hashicorp/terraform/pull/2376

The error looks like:


│ Error: [WARN] A duplicate Security Group rule was found on (<sg-id>). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: <prefix-list-id>, TCP, from port: 5432, to port: 5432, ALLOW" already exists
│       status code: 400, request id: <req-id>
│ 
│   with module.security_group.aws_security_group_rule.ingress_with_source_security_group_id[0],
│   on .terraform/modules/security_group/main.tf line 103, in resource "aws_security_group_rule" "ingress_with_source_security_group_id":
│  103: resource "aws_security_group_rule" "ingress_with_source_security_group_id" {

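The error above is only raised by the AWS API at apply time, after the first rule has already been created. As an added example that is not part of this issue or of the module's code, the check below runs over the output of `terraform show -json <planfile>` before apply and reports any (security group, direction, protocol, port range, peer) tuple that more than one planned `aws_security_group_rule` would create. The embedded plan fragment is constructed; it assumes, as the error message suggests, that the source-security-group rule also carries the prefix-list peers.

```python
import json
from collections import defaultdict

# AWS identifies a security-group rule by SG, direction, protocol, port range
# and peer; two planned aws_security_group_rule resources that expand to the
# same tuple fail at apply time with InvalidPermission.Duplicate.
PEER_LIST_FIELDS = ("cidr_blocks", "ipv6_cidr_blocks", "prefix_list_ids")


def rule_peers(after):
    """Expand one planned rule into every (peer kind, peer value) it creates."""
    peers = [(f, p) for f in PEER_LIST_FIELDS for p in (after.get(f) or [])]
    if after.get("source_security_group_id"):
        peers.append(("source_security_group_id", after["source_security_group_id"]))
    if after.get("self"):
        peers.append(("self", True))
    return peers


def find_duplicate_rules(plan):
    """Return {rule tuple: [addresses]} for tuples planned by more than one resource.

    `plan` is the dict from `terraform show -json <planfile>`. A security_group_id
    still unknown at plan time appears as None, so rules in two not-yet-created SGs
    can collide here; treat those hits as 'review', not certain failures."""
    seen = defaultdict(list)
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "aws_security_group_rule" or "create" not in change.get("actions", []):
            continue
        after = change.get("after") or {}
        for peer in rule_peers(after):
            key = (after.get("security_group_id"), after.get("type"),
                   str(after.get("protocol")).lower(), after.get("from_port"),
                   after.get("to_port"), peer)
            seen[key].append(rc["address"])
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed plan fragment mirroring the report: both ingress resources carry
# the same prefix lists, so each prefix-list peer is planned twice.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "module.security_group.aws_security_group_rule.ingress_with_prefix_list_ids[0]",
  "type": "aws_security_group_rule", "change": {"actions": ["create"], "after": {
   "security_group_id": "sg-EXAMPLE", "type": "ingress", "protocol": "tcp",
   "from_port": 5432, "to_port": 5432, "prefix_list_ids": ["pl-EXAMPLE1", "pl-EXAMPLE2"]}}},
 {"address": "module.security_group.aws_security_group_rule.ingress_with_source_security_group_id[0]",
  "type": "aws_security_group_rule", "change": {"actions": ["create"], "after": {
   "security_group_id": "sg-EXAMPLE", "type": "ingress", "protocol": "tcp",
   "from_port": 5432, "to_port": 5432, "source_security_group_id": "sg-PEER",
   "prefix_list_ids": ["pl-EXAMPLE1", "pl-EXAMPLE2"]}}}]}""")

if __name__ == "__main__":
    for key, addrs in find_duplicate_rules(SAMPLE_PLAN).items():
        print("duplicate rule", key[1:], "planned by", ", ".join(addrs))
```

Run it against a real plan with `terraform show -json plan.out | python check_sg_rules.py` after replacing `SAMPLE_PLAN` with `json.load(sys.stdin)`; a non-empty result means the apply would hit the duplicate error.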
github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 3 months ago

This issue was automatically closed because of stale in 10 days

github-actions[bot] commented 2 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.