Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unwanted deletion of aws_security_group_rule on second apply/plan #12356

Closed
obourdon opened this issue Mar 11, 2020 · 4 comments
Closed

Unwanted deletion of aws_security_group_rule on second apply/plan #12356

obourdon opened this issue Mar 11, 2020 · 4 comments
Labels
service/ec2 Issues and PRs that pertain to the ec2 service.

Comments

@obourdon
Copy link
Contributor

obourdon commented Mar 11, 2020
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

0.11(.14) and 0.12(.23)

Terraform provider version

2.52.0

Affected Resource(s)

  • aws_security_group_rule

Terraform Configuration Files

See this repository for easy reproduction

Expected Behavior

Has nothing changed, plan should say so in its output

Actual Behavior

Removal of aws_security_group_rule

Steps to Reproduce

see README.md in repository mentioned above
@ghost ghost added the service/ec2 Issues and PRs that pertain to the ec2 service. label Mar 11, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Mar 11, 2020
@obourdon
Copy link
Contributor Author

Might very well be linked/duplicate of #11059

@mattburgess
Copy link
Collaborator

I think this is expected behaviour given the comments at the top of https://www.terraform.io/docs/providers/aws/r/security_group.html - you mix an SG with in-line rules (https://github.com/obourdon/terraform-bug-12356/blob/master/0.12/lb.tf#L14-L50) with an SG rule (https://github.com/obourdon/terraform-bug-12356/blob/master/0.12/netdata.tf#L41-L51).

You need to either put all rules as in-line, or all rules as separate aws_security_group_rule resources otherwise TF won't know which ones you actually want. I personally having "bare" aws_security_group resources, and explicitly defining rules via aws_security_group_rule resources.

@obourdon
Copy link
Contributor Author

obourdon commented Mar 17, 2020
edited
Loading

@mattburgess thanks for this explanation. Indeed this makes a lot of sense and I should read documentation more carefully.
Please also note that I found a workaround for this issue by adding a second, conditional security_group with in-line rules (an not security_group_rule resource) which I then attached to the aws_lb security_groups parameter list using concat

@ghost
Copy link

ghost commented Apr 16, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 16, 2020
@breathingdust breathingdust removed the needs-triage Waiting for first response or review from a maintainer. label Sep 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
service/ec2 Issues and PRs that pertain to the ec2 service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@breathingdust @mattburgess @obourdon