Commit f4b4368f authored by Nazar Annagurban's avatar Nazar Annagurban Committed by Anton Babenko

Workaround for bug when updating description of a rule with protocol all (#34)

* Workaround for bug when updating description of a rule with protocol all

Error:

"Error updating security group rule description:
InvalidParameterValue: When protocol is ALL, you cannot specify
from-port."

Issue:
https://github.com/terraform-providers/terraform-provider-aws/issues/1920

* Add known issues to README
parent 1e365b8c
......@@ -102,6 +102,11 @@ How to add/update rules/groups?
Rules and groups are defined in [rules.tf](rules.tf). Run `update_groups.sh` when content of that file has changed to recreate content of all automatic modules.
Known issues
------------
* Due to an [issue #1920](https://github.com/terraform-providers/terraform-provider-aws/issues/1920) in AWS provider, updates to the `description` of security group rules are ignored by this module. If you need to update `description` after the security group has been created you need to recreate security group rule.
Authors
-------
......
......@@ -29,6 +29,10 @@ resource "aws_security_group_rule" "ingress_rules" {
from_port = "${element(var.rules[var.ingress_rules[count.index]], 0)}"
to_port = "${element(var.rules[var.ingress_rules[count.index]], 1)}"
protocol = "${element(var.rules[var.ingress_rules[count.index]], 2)}"
lifecycle {
ignore_changes = ["description"]
}
}
##########################
......@@ -49,6 +53,10 @@ resource "aws_security_group_rule" "ingress_with_source_security_group_id" {
from_port = "${lookup(var.ingress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.ingress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
lifecycle {
ignore_changes = ["description"]
}
}
# Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
......@@ -65,6 +73,10 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
from_port = "${lookup(var.ingress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.ingress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
lifecycle {
ignore_changes = ["description"]
}
}
# Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
......@@ -81,6 +93,10 @@ resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" {
from_port = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
lifecycle {
ignore_changes = ["description"]
}
}
# Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
......@@ -98,6 +114,10 @@ resource "aws_security_group_rule" "ingress_with_self" {
from_port = "${lookup(var.ingress_with_self[count.index], "from_port", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.ingress_with_self[count.index], "to_port", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 2))}"
lifecycle {
ignore_changes = ["description"]
}
}
#################
......@@ -122,6 +142,10 @@ resource "aws_security_group_rule" "egress_rules" {
from_port = "${element(var.rules[var.egress_rules[count.index]], 0)}"
to_port = "${element(var.rules[var.egress_rules[count.index]], 1)}"
protocol = "${element(var.rules[var.egress_rules[count.index]], 2)}"
lifecycle {
ignore_changes = ["description"]
}
}
#########################
......@@ -142,6 +166,10 @@ resource "aws_security_group_rule" "egress_with_source_security_group_id" {
from_port = "${lookup(var.egress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.egress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
lifecycle {
ignore_changes = ["description"]
}
}
# Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
......@@ -158,6 +186,10 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" {
from_port = "${lookup(var.egress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.egress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
lifecycle {
ignore_changes = ["description"]
}
}
# Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
......@@ -174,6 +206,10 @@ resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" {
from_port = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
lifecycle {
ignore_changes = ["description"]
}
}
# Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
......@@ -191,6 +227,10 @@ resource "aws_security_group_rule" "egress_with_self" {
from_port = "${lookup(var.egress_with_self[count.index], "from_port", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.egress_with_self[count.index], "to_port", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.egress_with_self[count.index], "protocol", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 2))}"
lifecycle {
ignore_changes = ["description"]
}
}
################
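Review bot: The `lifecycle { ignore_changes = ["description"] }` block is added to all ten `aws_security_group_rule` resources (first in `ingress_rules`, repeated through `egress_with_self`) with no in-code note that it is a temporary workaround, so nothing in the file tells a maintainer to remove it once provider issue #1920 is fixed. It also applies to every rule rather than only those with protocol all, so a description edited outside Terraform no longer shows up as drift in `plan`; where descriptions record the owner or justification of a rule, anyone auditing these groups should know that field is unmanaged after creation. I would put a comment above each block, for example `# Workaround for terraform-provider-aws issue #1920: description changes are ignored; remove once fixed upstream`. The resource bodies begin outside each hunk, so whether `description` is set on every one of these resources cannot be confirmed from here.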
......