limited-pager-46264
02/16/2021, 11:44 AM
example = aws.ec2.SecurityGroupRule(
    "example",
    type="ingress",
    from_port=443,
    to_port=443,
    protocol="tcp",
    cidr_blocks=["1.1.1.1/32"],
    security_group_id=allow_tls.id,
    opts=pulumi.ResourceOptions(parent=allow_tls))
I then added another ip to the cidr list of the SG rule:
example = aws.ec2.SecurityGroupRule(
    "example",
    type="ingress",
    from_port=443,
    to_port=443,
    protocol="tcp",
    cidr_blocks=["1.1.1.1/32", "2.2.2.2/32"],
    security_group_id=allow_tls.id,
    opts=pulumi.ResourceOptions(parent=allow_tls))
That resulted in the following error:
Previewing update (test):
~ pulumi:pulumi:Stack: (refresh)
[urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
+-aws:ec2/securityGroupRule:SecurityGroupRule: (replace)
[id=sgrule-3919269017]
[urn=urn:pulumi:test::Experiment::aws:ec2/securityGroup:SecurityGroup$aws:ec2/securityGroupRule:SecurityGroupRule::example]
[provider=urn:pulumi:test::Experiment::pulumi:providers:aws::default_3_29_0::1d8ffca5-685c-4b69-8ddd-3883e405d97f]
~ cidrBlocks: [
[0]: <null>
+ [1]: "2.2.2.2/32"
]
Resources:
+-1 to replace
2 unchanged
Permalink: file:///Users/sibu/test/state/.pulumi/stacks/test.json
Do you want to perform this update? yes
Updating (test):
~ pulumi:pulumi:Stack: (refresh)
[urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:test::Experiment::pulumi:pulumi:Stack::Experiment-test]
error: 1 error occurred:
* [WARN] A duplicate Security Group rule was found on (sg-0acf2e4ef3c4ab3ee). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error message: the specified rule "peer: 1.1.1.1/32, TCP, from port: 443, to port: 443, ALLOW" already exists
error: update failed
Isn’t it possible to update the cidr_block?
delete_before_replace=True for the SG rule
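Why the replace in the output above collides, as an added example that is not part of the original thread and is not Pulumi or AWS SDK code: a toy model of the security group, run with the default replace order (create the new rule, then delete the old one) and with the delete-first order that `delete_before_replace=True` requests. `ToySecurityGroup`, `replace_rule` and the scenario functions are hypothetical names, and the duplicate check is an assumption modelled on the error message shown in the post.

```python
# Toy model (constructed for illustration): not Pulumi or AWS SDK code.
OLD = ["1.1.1.1/32"]                  # cidr_blocks before the edit
NEW = ["1.1.1.1/32", "2.2.2.2/32"]    # cidr_blocks after the edit

class DuplicateRule(Exception):
    pass

class ToySecurityGroup:
    """Keeps one ingress permission per (protocol, from, to, cidr) tuple."""
    def __init__(self):
        self.permissions = set()

    def authorize(self, cidrs, proto="tcp", from_port=443, to_port=443):
        new = {(proto, from_port, to_port, c) for c in cidrs}
        dup = new & self.permissions
        if dup:  # assumption: an existing permission rejects the call, as in the error above
            raise DuplicateRule(sorted(c for *_, c in dup))
        self.permissions |= new

    def revoke(self, cidrs, proto="tcp", from_port=443, to_port=443):
        self.permissions -= {(proto, from_port, to_port, c) for c in cidrs}

    def cidrs(self):
        return sorted(c for *_, c in self.permissions)

def replace_rule(sg, old, new, delete_before_replace=False):
    """Swap one rule resource for another; return CIDRs briefly locked out."""
    if delete_before_replace:
        sg.revoke(old)                       # old rule removed first ...
        sg.authorize(new)                    # ... so the new one cannot collide
        return [c for c in old if c in new]  # these lost access in between
    sg.authorize(new)                        # default order: create, then delete
    sg.revoke(old)
    return []

def scenario(delete_before_replace):
    sg = ToySecurityGroup()
    sg.authorize(OLD)
    try:
        gap = replace_rule(sg, OLD, NEW, delete_before_replace)
        return ("ok", sg.cidrs(), gap)
    except DuplicateRule as exc:
        return ("duplicate", sg.cidrs(), exc.args[0])

def scenario_rule_per_cidr():
    sg = ToySecurityGroup()
    sg.authorize(["1.1.1.1/32"])   # existing rule resource, left untouched
    sg.authorize(["2.2.2.2/32"])   # second rule resource: a plain create
    return sg.cidrs()
```

In the delete-first run, 1.1.1.1/32 has no ingress between the revoke and the authorize; `scenario_rule_per_cidr` models declaring one rule resource per CIDR, where adding an address is a create and no replace occurs.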