Hi I get stuck every time when my list of `cidr blocks` chan Pulumi Community #aws

Hi! I get stuck every time when my list of `cidr_b...

nutritious-shampoo-16116

01/20/2021, 3:28 PM

Hi! I get stuck every time when my list of

cidr_blocks

changes, the replacement of the

aws:ec2:SecurityGroupRule

fails giving the error

Copy code

* [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxxxx). This may be
    a side effect of a now-fixed Terraform issue causing two security groups with
    identical attributes but different source_security_group_ids to overwrite each
    other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
    information and instructions for recovery. Error message: the specified rule "peer: SOME_CIDR, TCP, from port: 443, to port: 443, ALLOW" already exists

Is there any way of getting around this?

cool-fireman-90027

01/20/2021, 3:36 PM

Can you replace the

SecurityGroupRules

with SecurityGroup. Example Usage

nutritious-shampoo-16116

01/20/2021, 3:41 PM

the way we build SG is very dynamic, but I suppose I can return SecurotyRuleIngressArgs instead of SecurotyGroupRule and that would be the same

nutritious-shampoo-16116

01/20/2021, 3:59 PM

it seems I can't, I have 2 security groups depending on each other for ingress/egress

little-cartoon-10569

01/20/2021, 8:37 PM

If you arrange your security group rules so that a particular rule never changes position in the rule list, this can be avoided. deleteBeforeReplace can help, but sometimes I find that the easiest thing is to comment out all the rules,

up

, then uncomment them all... meaning temporary outage... 😞

Open in Slack

Previous Next