Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modifying cidr_blocks of resource aws_security_group_rule should not force a new resource #14966

Closed
iwasnobody opened this issue Sep 2, 2020 · 3 comments
Closed

Modifying cidr_blocks of resource aws_security_group_rule should not force a new resource #14966

iwasnobody opened this issue Sep 2, 2020 · 3 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. proposal Proposes new design or functionality. service/ec2 Issues and PRs that pertain to the ec2 service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.

Comments

@iwasnobody
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

If sometimes we modify the cidr_blocks to add addtional cidr, terraform will destroy then create the resource, not add resource. This behavior will have the following issues:
1.We have sentinel policy combined with workspace auto approve. If sentinel check there is only add operation, no change or destroy. It will pass and workspace auto approve. This will not work for this scenario although we just add a cidr. In aws console, it just like add another sg rule entry which I think should make it add
2.AWS will destroy previously sg rule entry and recreate all entry at once, it may influence newly created connection although tf do the delete then create very quickly

The following is what I discussed with terraform enterprise support and he suggest I open an issue here.
image
image

New or Affected Resource(s)

  • aws_security_group_rule

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • #0000
@iwasnobody iwasnobody added the enhancement Requests to existing resources that expand the functionality or scope. label Sep 2, 2020
@ghost ghost added the service/ec2 Issues and PRs that pertain to the ec2 service. label Sep 2, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Sep 2, 2020
@gdavison gdavison changed the title terraform do replace not add operation when add additional element to cidr_blocks of resource aws_security_group_rule Modifying cidr_blocks of resource aws_security_group_rule should not force a new resource Sep 2, 2020
@gdavison gdavison added proposal Proposes new design or functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Sep 2, 2020
@peter-weiss-prg
Copy link

Yeah, this is still a case unfortunately. Update to "cidr_blocks" attribute (type list - actually) in resource "aws_security_group_rule" causing "# forces replacement". That's a pitty.

@github-actions
Copy link

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale Old or inactive issues managed by automation, if no further action taken these will get closed. label Mar 29, 2023
Open
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 3, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 3, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 3, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. proposal Proposes new design or functionality. service/ec2 Issues and PRs that pertain to the ec2 service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gdavison @iwasnobody @peter-weiss-prg