#aws

nutritious-shampoo-16116

01/20/2021, 3:28 PM
Hi! I get stuck every time my list of `cidr_blocks` changes: the replacement of the `aws:ec2:SecurityGroupRule` fails, giving the error
* [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxxxx). This may be
    a side effect of a now-fixed Terraform issue causing two security groups with
    identical attributes but different source_security_group_ids to overwrite each
    other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
    information and instructions for recovery. Error message: the specified rule "peer: SOME_CIDR, TCP, from port: 443, to port: 443, ALLOW" already exists
Is there any way of getting around this?

cool-fireman-90027

01/20/2021, 3:36 PM
Can you replace the `SecurityGroupRules` with `SecurityGroup`? Example Usage

nutritious-shampoo-16116

01/20/2021, 3:41 PM
the way we build SGs is very dynamic, but I suppose I can return `SecurityGroupIngressArgs` instead of `SecurityGroupRule` and that would be the same
it seems I can't, I have 2 security groups depending on each other for ingress/egress

little-cartoon-10569

01/20/2021, 8:37 PM
If you arrange your security group rules so that a particular rule never changes position in the rule list, this can be avoided. `deleteBeforeReplace` can help, but sometimes I find that the easiest thing is to comment out all the rules, `up`, then uncomment them all... meaning temporary outage... 😞