Security Group /security Group-rule recreation error #12420
Comments
I have a similar issue, it seems. I have an AWS MSK stack where I have a cluster security group where I have the option to add and remove client security groups by group name or name tag. This stack also has an optional utility instance it will stand up, with an empty ingress security group, but instead of adding this to the cluster security group directly, I'm using a conditional aws_security_group_rule that adds the utility instance's security group to the cluster's. When I create the stack with the utility instance, things seem to work. If I instantiate the stack without the utility instance, and later decide to stand up the utility instance, that works too. BUT when I go to remove the utility instance, I run into problems:
aws_iam_role_policy_attachment.utility_ec2[0]: Destroying... [id=ts-message-bus-dev-green-ref20-msk-utility-us-east-1-20200410160845019500000001]
Error: Error revoking security group sg-08070a71c0adbb244 rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
I have been facing this issue also, although going between UDP and TCP protocols.
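The setup described in the comment above, as an added Terraform example (not the commenter's own configuration): a cluster security group, an optional utility instance security group gated by a count, and a conditional aws_security_group_rule that attaches the one to the other. The variable names, group names and the broker port range are assumptions chosen for illustration.

```hcl
# Assumed inputs; vpc_id is supplied by the caller, enable_utility toggles the
# optional utility instance and everything that depends on it.
variable "vpc_id" {
  type = string
}

variable "enable_utility" {
  type    = bool
  default = false
}

# Cluster security group. Client access is granted through separate rule
# resources so the group itself carries no inline ingress blocks.
resource "aws_security_group" "cluster" {
  name   = "example-msk-cluster"
  vpc_id = var.vpc_id
}

# Empty ingress group for the utility instance; only exists when enabled.
resource "aws_security_group" "utility" {
  count  = var.enable_utility ? 1 : 0
  name   = "example-msk-utility"
  vpc_id = var.vpc_id
}

# Conditional rule letting the utility instance reach the cluster. Setting
# enable_utility back to false, or editing protocol/from_port/to_port, forces
# this resource to be revoked (destroyed) and, for an edit, recreated; the
# revoke step is where the InvalidPermission.NotFound error in this thread
# surfaces. Ports 9092-9094 are an assumed broker port range.
resource "aws_security_group_rule" "utility_to_cluster" {
  count                    = var.enable_utility ? 1 : 0
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 9092
  to_port                  = 9094
  security_group_id        = aws_security_group.cluster.id
  source_security_group_id = aws_security_group.utility[0].id
}
```

Before applying a plan that shows this rule being replaced, compare the rule as Terraform expects it with what the console or `aws ec2 describe-security-groups` reports for the group; a mismatch is the condition under which the revoke call fails.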
I am getting the same issues with this and it's blocking us from developing some code as the workaround is manual deletion of the rules and then apply again, can this get some focus please.
Same issue here, we had to manually delete the rule from security group and TF state as a workaround.
Same issue here, not able to change the protocol from tcp to udp.
Same issue with versions:
Just caught the same bug changing SG Rule protocol from TCP to UDP
We hit this, and only deleting the group rule in the AWS console was enough to work around this error (we did not have to delete it from state). The only change in the rule was updating the protocol from "TCP" to "-1".
Hit this error as well. My change was the same as @blortuga, I updated an ingress rule's protocol from TCP to -1. Removing the rule in the console so that Terraform perceived the change as a whole new change rather than a recreation worked.
I found a workaround for this.
In my environment, I was able to achieve the change from "tcp" to "udp" by adding this setting.
result...
#8769 appears to refer to the same issue.
This functionality has been released in v4.29.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Hello.
I have problems recreating security group rules. This seems to be related to multiple old cases that appear resolved and closed.
It would be great to have some feedback or a workaround.
Terraform Version
Terraform v0.12.20
Affected Resource(s)
aws_security_group
aws_security_group_rule
Terraform Configuration Files
Debug Output
Error revoking security group sg-087e80ad801d081f2 rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
status code: 400, request id: f0d73cde-e0e9-4bd3-8dd7-1fa617edee66
Expected Behavior
Recreating the security group rule when changing protocol from "-1" to "TCP"
Actual Behavior
Error revoking security group sg-087e80ad801d081f2 rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
status code: 400, request id: f0d73cde-e0e9-4bd3-8dd7-1fa617edee66
Steps to Reproduce