From f37054fa8fb8f3981b558d1e9a4e68938a89d080 Mon Sep 17 00:00:00 2001
From: Bryan Barajas
Date: Wed, 21 Feb 2024 00:46:09 +0000
Subject: [PATCH] Issue: AWS security module might create duplicate rules even when there are no changes. This started after adding the http data source but the bug is inconsistent as it shows the hardcoded value being re-created and not the dynamically set ip address. Ref: https://github.com/hashicorp/terraform-provider-aws/issues/29797 FIX: AWS security groups module - create a rule per cidrblock. This still shows that a duplicate rule will be created but terraform does not fail as aws overwrites the old rule. On a third apply, terraform shows no changes in the plan.
---
 .../data/terraform/aws/modules/security/main.tf | 2 +-
 .../data/terraform/aws/modules/security/variables.tf | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/edbterraform/data/terraform/aws/modules/security/main.tf b/edbterraform/data/terraform/aws/modules/security/main.tf
index c6409301..d1ecc29b 100644
--- a/edbterraform/data/terraform/aws/modules/security/main.tf
+++ b/edbterraform/data/terraform/aws/modules/security/main.tf
@@ -8,7 +8,7 @@ resource "aws_security_group" "rules" {
 }
 
 resource "aws_security_group_rule" "rule" {
-  for_each = local.merged_rules
+  for_each = local.rules
   security_group_id = aws_security_group.rules.id
   description = each.value.description
   type = each.value.type
diff --git a/edbterraform/data/terraform/aws/modules/security/variables.tf b/edbterraform/data/terraform/aws/modules/security/variables.tf
index e8a7cb24..5dfab085 100644
--- a/edbterraform/data/terraform/aws/modules/security/variables.tf
+++ b/edbterraform/data/terraform/aws/modules/security/variables.tf
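Review bot: Pointing `for_each` at `local.rules` changes every instance key of `aws_security_group_rule.rule` (from the rule name to `name_cidr`), so the first apply after this change destroys every existing rule instance and creates the per-CIDR replacements rather than updating in place; for ingress rules that is a short window in which the allowed access is absent, and for any rule that lists a single CIDR a `moved { from = aws_security_group_rule.rule["NAME"] to = aws_security_group_rule.rule["NAME_CIDR"] }` block (placeholder keys) would avoid the replacement if the module's required Terraform version supports `moved`. The remaining arguments of the resource, presumably including the one that consumes `each.value.cidrs`, lie outside the hunk; confirm it still expects a list, which the new one-element `cidrs` in variables.tf provides. The commit message already anticipates the one-time duplicate, so a one-line comment above `for_each` recording that the keys intentionally embed the CIDR would save the next reader from reverting it.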
@@ -59,4 +59,14 @@ locals {
       "description": join(" _ ", distinct(local.port_rules_descriptions[name]))
     })
   }
+  # Expand the list back out with 1 rule per cidrblock since AWS fails to track the rules properly
+  # Ref: https://github.com/hashicorp/terraform-provider-aws/issues/29797
+  rules = merge([
+    for name, rule in local.merged_rules: {
+      for cidr in rule.cidrs:
+        format("%s_%s", name, cidr) => merge(rule, {
+          cidrs = [cidr]
+        })
+    }
+  ]...)
 }
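Review bot: A rule in `local.merged_rules` whose `cidrs` list is empty yields no key from the inner for-expression and so disappears from `rules` silently, with no plan-time error; if the module ever accepts rules that address peers by something other than an IPv4 CIDR, those rules would stop being created without anyone noticing. The same inner expression raises Terraform's duplicate-key error if a CIDR appears twice in one rule's list, and I cannot see from this hunk whether `merged_rules` deduplicates `cidrs` the way it does descriptions, so `for cidr in distinct(rule.cidrs):` is the safer form, and a `precondition` (or a `validation` on the input variable) asserting `length(rule.cidrs) > 0` for every merged rule would turn the silent drop into a visible failure. The enclosing `locals` block and the construction of `merged_rules` begin before this hunk. Since each key now embeds the CIDR, any change to a rule's resolved address replaces that instance rather than updating it, which the comment on the first added line should state alongside the provider-issue reference.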