Error authorizing security group ingress rules: InvalidGroup.NotFound in v0.6.12

[bmurphy1976]

I'm getting an error managing security groups in an AWS classic account using Terraform v0.6.12.

Everything works as expected on first application and the security groups are created with the appropriate ingress rules. However, on all subsequent applications of state the tool fails with:

Error authorizing security group ingress rules: InvalidGroup.NotFound: Unable to find group 'sg-d65f4dbc'

Example output:

root@3deb570ee4a1:/srv/build/test# cat test.tf

resource "aws_security_group" "terraform-test-client" {
    name        = "terraform-test-client"
    description = "terraform-test-client"

    ingress {
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      security_groups = [ "${aws_security_group.terraform-test-server.name}" ]
    }
}


resource "aws_security_group" "terraform-test-server" {
    name        = "terraform-test-server"
    description = "terraform-test-server"
}

root@3deb570ee4a1:/srv/build/test# terraform apply

aws_security_group.terraform-test-server: Creating...
  description: "" => "terraform-test-server"
  egress.#:    "" => "<computed>"
  ingress.#:   "" => "<computed>"
  name:        "" => "terraform-test-server"
  owner_id:    "" => "<computed>"
  vpc_id:      "" => "<computed>"
aws_security_group.terraform-test-server: Creation complete
aws_security_group.terraform-test-client: Creating...
  description:                                 "" => "terraform-test-client"
  egress.#:                                    "" => "<computed>"
  ingress.#:                                   "" => "1"
  ingress.756987717.cidr_blocks.#:             "" => "0"
  ingress.756987717.from_port:                 "" => "80"
  ingress.756987717.protocol:                  "" => "tcp"
  ingress.756987717.security_groups.#:         "" => "1"
  ingress.756987717.security_groups.786008131: "" => "terraform-test-server"
  ingress.756987717.self:                      "" => "0"
  ingress.756987717.to_port:                   "" => "80"
  name:                                        "" => "terraform-test-client"
  owner_id:                                    "" => "<computed>"
  vpc_id:                                      "" => "<computed>"
aws_security_group.terraform-test-client: Creation complete

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate

root@3deb570ee4a1:/srv/build/test# terraform apply

aws_security_group.terraform-test-server: Refreshing state... (ID: sg-d65f4dbc)
aws_security_group.terraform-test-client: Refreshing state... (ID: sg-135e4c79)
aws_security_group.terraform-test-client: Modifying...
  ingress.3331752018.cidr_blocks.#:             "0" => "0"
  ingress.3331752018.from_port:                 "80" => "0"
  ingress.3331752018.protocol:                  "tcp" => ""
  ingress.3331752018.security_groups.#:         "1" => "0"
  ingress.3331752018.security_groups.586342644: "sg-d65f4dbc" => ""
  ingress.3331752018.self:                      "0" => "0"
  ingress.3331752018.to_port:                   "80" => "0"
  ingress.756987717.cidr_blocks.#:              "0" => "0"
  ingress.756987717.from_port:                  "" => "80"
  ingress.756987717.protocol:                   "" => "tcp"
  ingress.756987717.security_groups.#:          "0" => "1"
  ingress.756987717.security_groups.786008131:  "" => "terraform-test-server"
  ingress.756987717.self:                       "" => "0"
  ingress.756987717.to_port:                    "" => "80"
Error applying plan:

1 error(s) occurred:

* aws_security_group.terraform-test-client: Error authorizing security group ingress rules: InvalidGroup.NotFound: Unable to find group 'sg-d65f4dbc'
    status code: 400, request id:

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
root@3deb570ee4a1:/srv/build/test#

[phinze]

Hi @bmurphy1976 - I think the fix in #4983 will take care of this. We'll get that landed before the next TF release. 👍

[bmurphy1976]

@phinze oh, that's great! I'll try to test a custom build with #4983 merged this weekend to see if it resolves this for us.

[bmurphy1976]

Can confirm, a7ad71b fixes the problem for us.

[avdhoot]

facing same issue :( . can u guys start nightly build?.

[joshuaspence]

I can confirm that #4983 fixes this problem for us as well.

[catsby]

#4983 was consolidated into #5533, which is in review

[catsby]

Hey all – I just merged #5533 to fix this. Sorry for the hassle! Let me know if you're still having issues.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.