Error removing aws_security_group_rule that has self reference rule #2837

Closed
alexintel opened this issue Jul 23, 2015 · 4 comments


@alexintel

@catsby

Terraform version 0.5.3

This is NOT a duplicate of #1985
#2305 only fixes a specific use case where:

resource "aws_security_group_rule" "self" {
  type = "ingress"
  protocol = "-1"
  from_port = 0
  to_port = 0
  self = true
  security_group_id = "${aws_security_group.web.id}"
}

The following case is still broken (note the specific port number range):

resource "aws_security_group_rule" "self" {
  type = "ingress"
  protocol = "-1"
  from_port = 5501
  to_port = 5504
  self = true
  security_group_id = "${aws_security_group.web.id}"
}

Error:

* Error revoking security group sg-9136df35 rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
    status code: 400, request id: []
Error applying plan:

1 error(s) occurred:

* 1 error(s) occurred:

* 1 error(s) occurred:

* Error revoking security group sg-9136df35 rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
    status code: 400, request id: []

After I manually modified security group sg-9136df35 from the AWS console to allow all TCP traffic, 'terraform destroy' worked fine.

@alexintel
Author

The issue for some reason persists in 0.5.3 even with the 0-0 range. It seems like the issue is with the "self" reference, because the following works:
Note the absence of the "self" reference and adding the SG source back to itself.

resource "aws_security_group_rule" "self" {
  type = "ingress"
  protocol = "-1"
  from_port = 5501
  to_port = 5504

  security_group_id = "${aws_security_group.web.id}"
  source_security_group_id = "${aws_security_group.web.id}"
}

@catsby
Contributor

catsby commented Aug 18, 2015

Thank you for writing in @alexintel – this should be fixed in a refactoring of Security Group Rules I've done in #3019

@catsby
Contributor

catsby commented Mar 24, 2016

Closing this for now, I can no longer reproduce the bug as shown, thanks!

catsby closed this as completed Mar 24, 2016

@ghost

ghost commented Apr 27, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

ghost locked and limited conversation to collaborators Apr 27, 2020