duplicate security group #340
Comments
Still getting this kind of error when using terraform. What is worse, I think, is that trying to clean up by doing `terraform plan --destroy --out plan && terraform apply plan` misses resources and leaves garbage created that you then need to go hunt for.

Error applying plan: 2 error(s) occurred:

Terraform does not automatically rollback in the face of errors.
Still getting this error.
Also receiving this error. Attempting to change a CIDR and getting the aforementioned "duplicate Security Group rule was found" error. terraform = 0.10.8
Also receiving this error. Terraform v0.11.7
I am not sure what I have to do to fix these errors.
I'm also seeing this error on:
I'm seeing this security rule duplicate error somewhat regularly, about every other day. I checked with AWS and it seems that terraform is indeed trying to create some duplicate security group rules. @bflad @radeksimko @simonvanderveldt As people who have been in the security group rule resource file recently, do you know what might be causing this? I'm having some trouble diagnosing the issue; if you have any hints I'd be happy to investigate further and submit a PR fixing the issue.
@jammerful I'm not entirely sure what you mean by this
But issues with security group rules do keep happening for us. AFAIK the API on the AWS side doesn't return anything useful when creating security group rules (have a look at the output here https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-security-groups.html), meaning there's no unique identifier for security group rules, which means Terraform can only infer which rule is which by looking at the properties one has set for the security group rule. This is obviously not ideal. I'm not sure if there are any other factors at play, but for some reason sometimes Terraform doesn't notice a Terraform-managed SG rule already exists; maybe not all properties of SG rules are being checked?
In my case it turned out to be a red herring. Terraform was working as expected.
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
This issue was originally opened by @tomstachura as hashicorp/terraform#9778. It was migrated here as part of the provider split. The original body of the issue is below.
This is pointing me to pages of discussion from over a year ago. Seems this bug is still happening.
```
2 error(s) occurred:

a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See Consider security groups with source security groups when hashing terraform#2376 for more
information and instructions for recovery. Error message: the specified rule "peer: 199.58.192.98/32, TCP, from port: 22, to port: 22, ALLOW" already exists

a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See Consider security groups with source security groups when hashing terraform#2376 for more
information and instructions for recovery. Error message: the specified rule "peer: 35.161.227.236/32, TCP, from port: 22, to port: 22, ALLOW" already exists
```
I have 2 of these pointing to 2 different security groups. If I have just 1 of these, it works. If I have 2 it fails with the above.
```hcl
# One rule per admin IP; the second copy of this block differs only in security_group_id
resource "aws_security_group_rule" "admin" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  security_group_id = "${aws_security_group.admin.id}" # for the 2nd one, this was changed to another ID
  cidr_blocks       = ["${var.admin_ips[count.index]}/32"]
  count             = "${length(var.admin_ips)}"
}
```
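As an added illustration, not code from this issue or from the provider: a small Python check that flattens `describe-security-groups` output (the API output linked in the comment above) into one key per group, direction, rule and source, reports which planned rules AWS would reject as "already exists", and shows why a rule's identity must include the group it belongs to, since the two `admin` rules in this issue differ only in `security_group_id`. The describe output and the `sg-` IDs below are constructed samples.

```python
import json
from typing import List, Set, Tuple

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# sg-...a1 already carries the SSH rule from the issue's first apply; sg-...b2 has none.
DESCRIBE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0aaaa0000000000a1",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "199.58.192.98/32"}],
                        "UserIdGroupPairs": []}],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-0bbbb0000000000b2", "IpPermissions": [], "IpPermissionsEgress": []},
]})

# (group_id, direction, protocol, from_port, to_port, source CIDR or source group)
RuleKey = Tuple[str, str, str, int, int, str]


def existing_rules(describe_json: str) -> Set[RuleKey]:
    """Flatten describe-security-groups output into one key per group/direction/rule/source."""
    keys: Set[RuleKey] = set()
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for direction, field in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(field, []):
                # protocol "-1" (all traffic) carries no FromPort/ToPort; -1 is the sentinel here
                lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
                sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
                for src in sources:
                    keys.add((sg["GroupId"], direction, perm["IpProtocol"], lo, hi, src))
    return keys


def plan_conflicts(planned: List[RuleKey], existing: Set[RuleKey]) -> List[RuleKey]:
    """Planned rules AWS would reject with 'the specified rule ... already exists'."""
    return [r for r in planned if r in existing]


def without_group_id(key: RuleKey) -> Tuple[str, str, int, int, str]:
    """Identity that ignores the owning group: collapses the issue's two rules into one."""
    return key[1:]


# The two `admin` rules from the issue: same CIDR and ports, different security_group_id.
PLANNED: List[RuleKey] = [
    ("sg-0aaaa0000000000a1", "ingress", "tcp", 22, 22, "199.58.192.98/32"),
    ("sg-0bbbb0000000000b2", "ingress", "tcp", 22, 22, "199.58.192.98/32"),
]
```

Running `plan_conflicts(PLANNED, existing_rules(DESCRIBE_OUTPUT))` before an apply flags the first rule as already present, while `set(PLANNED)` keeps both rules distinct and `without_group_id` collapses them, which is the overwrite the error message describes.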