Issue: AWS security module might create duplicate rules even when the…

…re are no changes. This started after adding the http data source but the bug is inconsistent as it shows the hardcoded value being re-created and not the dynamically set ip address. Ref: hashicorp/terraform-provider-aws#29797 FIX: AWS security groups module - create a rule per cidrblock. This still shows that a duplicate rule will be created but terraform does not fail as aws overwrites the old rule. On a third apply, terraform shows no changes in the plan.
EnterpriseDB · Feb 21, 2024 · f37054f · f37054f
1 parent 2b64ba7
commit f37054f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/edbterraform/data/terraform/aws/modules/security/main.tf b/edbterraform/data/terraform/aws/modules/security/main.tf
@@ -8,7 +8,7 @@ resource "aws_security_group" "rules" {
 }
 
 resource "aws_security_group_rule" "rule" {
-  for_each = local.merged_rules
+  for_each = local.rules
   security_group_id = aws_security_group.rules.id
   description = each.value.description
   type = each.value.type

diff --git a/edbterraform/data/terraform/aws/modules/security/variables.tf b/edbterraform/data/terraform/aws/modules/security/variables.tf
@@ -59,4 +59,14 @@ locals {
         "description": join(" _ ", distinct(local.port_rules_descriptions[name]))
       })
   }
+  # Expand the list back out with 1 rule per cidrblock since AWS fails to track the rules properly
+  # Ref: https://github.com/hashicorp/terraform-provider-aws/issues/29797
+  rules = merge([
+    for name, rule in local.merged_rules: {
+      for cidr in rule.cidrs: 
+        format("%s_%s", name, cidr) => merge(rule, {
+          cidrs = [cidr]
+        })
+    }
+  ]...)
 }