Hi! I get stuck every time when my list of

cidr_blocks

changes, the replacement of the

aws:ec2:SecurityGroupRule

fails giving the error

* [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxxxx). This may be
    a side effect of a now-fixed Terraform issue causing two security groups with
    identical attributes but different source_security_group_ids to overwrite each
    other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
    information and instructions for recovery. Error message: the specified rule "peer: SOME_CIDR, TCP, from port: 443, to port: 443, ALLOW" already exists

Is there any way of getting around this?

Can you replace the

SecurityGroupRules

with SecurityGroup. Example Usage

the way we build SG is very dynamic, but I suppose I can return SecurotyRuleIngressArgs instead of SecurotyGroupRule and that would be the same

If you arrange your security group rules so that a particular rule never changes position in the rule list, this can be avoided. deleteBeforeReplace can help, but sometimes I find that the easiest thing is to comment out all the rules,

up

, then uncomment them all... meaning temporary outage... 😞