
Cannot specify multiple security rules of the same type for different ports #40

Open
jj-mino opened this issue Dec 8, 2021 · 0 comments
jj-mino commented Dec 8, 2021

Describe the Bug

The cloudposse/mq-broker/aws module is using the cloudposse/mq-broker/aws module at version 0.3.1 internally, which fails with the error below when passing multiple ports for the same type:

```
# Error
│ Error: [WARN] A duplicate Security Group rule was found on (sg-0d867c5b26555c769). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, ALL, ALLOW" already exists
│       status code: 400, request id: 9573b001-d97f-490d-a18c-0f00c7d8e198
│
│   with module.mq_test.module.security_group.aws_security_group_rule.default["ingress--1-5671-5671-9c87e5e1ed040a443ce1ac8e6d6cf159"],
│   on .terraform/modules/mq_test.security_group/main.tf line 41, in resource "aws_security_group_rule" "default":
│   41: resource "aws_security_group_rule" "default" {
```

Expected Behavior

Security group should be created with the specified rules

## Steps to Reproduce

Use the root module below to deploy the resource, passing the `security_group_rules` argument:
```hcl
# root module call
module "mq_test" {
  source  = "cloudposse/mq-broker/aws"
  version = "0.15.0"
  [...]
  security_group_rules = [
    {
      type        = "ingress"
      from_port   = 5671
      to_port     = 5671
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all outbound traffic"
    },
    {
      type        = "ingress"
      from_port   = 8883
      to_port     = 8883
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all outbound traffic"
    },
    {
      type        = "egress"
      from_port   = 5671
      to_port     = 5671
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all inbound traffic"
    }
  ]
}
```

Environment (please complete the following information):

- OS: WSL
- Version: Terraform v1.0.11
- Provider: registry.terraform.io/hashicorp/aws v3.66.0
@jj-mino jj-mino added the bug 🐛 An issue with the system label Dec 8, 2021
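The error above shows the API collapsing both ingress rules into `peer: 0.0.0.0/0, ALL, ALLOW`: with protocol `-1` (all traffic) EC2 ignores `from_port`/`to_port`, so rules that differ only in port range are one and the same permission even though the module keys them separately (`ingress--1-5671-5671-…`). The following pre-apply check, added here as an editor's example and not code from the cloudposse modules, derives both the Terraform-style key and the AWS-level identity for each rule and reports the ones that would fail with `InvalidPermission.Duplicate`; the rule list is copied from the reproduction above.

```python
"""Flag security-group rules that the EC2 API will treat as the same permission.

Constructed example, not part of the cloudposse modules. AWS drops the port range
when protocol is "-1" (all traffic), so rules differing only in ports collide and the
second one fails with InvalidPermission.Duplicate.
"""
from collections import defaultdict

# Sample input: the three rules from the reproduction in this issue.
RULES = [
    {"type": "ingress", "from_port": 5671, "to_port": 5671, "protocol": "-1", "cidr_blocks": ["0.0.0.0/0"]},
    {"type": "ingress", "from_port": 8883, "to_port": 8883, "protocol": "-1", "cidr_blocks": ["0.0.0.0/0"]},
    {"type": "egress",  "from_port": 5671, "to_port": 5671, "protocol": "-1", "cidr_blocks": ["0.0.0.0/0"]},
]


def terraform_key(rule):
    """Key in the style of the resource address in the error (type-protocol-from-to);
    the module's trailing hash is omitted. Ports are kept, so the rules look distinct."""
    return f'{rule["type"]}-{rule["protocol"]}-{rule["from_port"]}-{rule["to_port"]}'


def aws_identity(rule):
    """What the EC2 API compares: for protocol -1 ("all") the port range is ignored,
    otherwise protocol plus port range matter. Each CIDR is its own permission."""
    proto = str(rule["protocol"]).lower()
    ports = None if proto in ("-1", "all") else (rule["from_port"], rule["to_port"])
    return [(rule["type"], proto, ports, cidr) for cidr in rule.get("cidr_blocks", [])]


def find_collisions(rules):
    """Return {aws_identity: [terraform keys]} for identities produced by more than one
    rule, i.e. the rules that will be rejected as duplicates at apply time."""
    seen = defaultdict(list)
    for rule in rules:
        for ident in aws_identity(rule):
            seen[ident].append(terraform_key(rule))
    return {ident: keys for ident, keys in seen.items() if len(keys) > 1}


if __name__ == "__main__":
    for ident, keys in find_collisions(RULES).items():
        print(f"duplicate permission {ident} from rules {keys}")
```

With `protocol = "tcp"` the port ranges become significant and the three rules map to three distinct permissions, so the check reports nothing.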