
[Bug]: aws_vpc_security_group_ingress_rule doesn't allow specifying which security groups it accepts ingress from #40206

Open
KieranP opened this issue Nov 20, 2024 · 1 comment
Labels
bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. service/vpc Issues and PRs that pertain to the vpc service.

Comments

@KieranP

KieranP commented Nov 20, 2024

Terraform Core Version

1.9.8

AWS Provider Version

5.76.0

Affected Resource(s)

  • aws_vpc_security_group_ingress_rule

Expected Behavior

Using the ingress block within aws_security_group is no longer recommended. I went to switch over to the recommended aws_vpc_security_group_ingress_rule, but there is not an option to specify security groups to allow ingress from, only CIDR ranges. What am I missing here? Is this functionality missing, or is it intentionally not supported, in which case what is the suggested workaround?

Actual Behavior

See above

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Before:

resource "aws_security_group" "redis" {
  name   = "redis"
  vpc_id = aws_vpc.main.id

  ingress {
    description = "Redis"
    from_port   = 6379
    to_port     = 6379
    protocol    = "tcp"
    security_groups = [
      aws_security_group.app.id,
      aws_security_group.worker.id
    ]
  }
}

After:

resource "aws_security_group" "redis" {
  name   = "redis"
  vpc_id = aws_vpc.main.id
}

resource "aws_vpc_security_group_ingress_rule" "redis_ingress" {
  security_group_id = aws_security_group.redis.id
  description       = "Redis"
  ip_protocol       = "tcp"
  from_port         = 6379
  to_port           = 6379
  security_groups = [ // <- This is no longer supported
    aws_security_group.app.id,
    aws_security_group.worker.id
  ]
}

Steps to Reproduce

See above

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

@KieranP KieranP added the bug Addresses a defect in current functionality. label Nov 20, 2024
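Added example (not part of the issue or the provider's own documentation): aws_vpc_security_group_ingress_rule models exactly one rule with exactly one source, so the list of source security groups becomes a for_each over one rule per source, and the source is given with referenced_security_group_id instead of cidr_ipv4. Referencing the source security group rather than a CIDR keeps the allow-list tied to group membership, so instances that leave the app or worker group lose access without a rule change; the example assumes the aws_security_group.app, aws_security_group.worker and aws_security_group.redis resources from the issue exist.

```hcl
# Added example, not from the issue. Assumes aws_security_group.app,
# aws_security_group.worker and aws_security_group.redis exist as in
# the issue's "After" configuration.

locals {
  # Source security groups allowed to reach Redis. Map keys become the
  # resource instance addresses, so adding or removing a source only
  # creates or destroys that one rule rather than reshuffling the others.
  redis_sources = {
    app    = aws_security_group.app.id
    worker = aws_security_group.worker.id
  }
}

resource "aws_vpc_security_group_ingress_rule" "redis_from_sg" {
  for_each = local.redis_sources

  security_group_id = aws_security_group.redis.id
  description       = "Redis from ${each.key}"
  ip_protocol       = "tcp"
  from_port         = 6379
  to_port           = 6379

  # Exactly one source argument is set per rule: cidr_ipv4, cidr_ipv6,
  # prefix_list_id or referenced_security_group_id. Using the security
  # group reference here means no CIDR has to be opened for these clients.
  referenced_security_group_id = each.value
}
```

Because each rule is a separate resource, `terraform plan` shows the two rules individually (`redis_from_sg["app"]`, `redis_from_sg["worker"]`), which makes an unintended widening of the Redis allow-list visible in review.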

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added service/vpc Issues and PRs that pertain to the vpc service. needs-triage Waiting for first response or review from a maintainer. labels Nov 20, 2024