According to the Terraform documentation (and plan seems to confirm this) this should be perfectly acceptable configuration, but it in fact is not. Only Security Groups created under VPCs are allowed to have a protocol value of anything but "tcp", "udp", and "icmp" (i.e. "-1").
Actual Behavior
An EC2 API exception is returned to Terraform and raised.
Error applying plan:
1 error(s) occurred:
* aws_security_group.test_sg: 1 error(s) occurred:
* aws_security_group.test_sg: Error authorizing security group ingress rules: InvalidPermission.Malformed: Unsupported IP protocol "-1" - supported: [tcp, udp, icmp]
status code: 400, request id: 14e00208-087d-4cf1-b5c0-23c48f70f0d9
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
Steps to Reproduce
Please list the full steps required to reproduce the issue, for example:
Create an aws_security_group resource that has no vpc_id and contains an ingress rule with a protocol value of "-1"
terraform init
terraform apply
Important Factoids
I am not expecting this to result in a change to the behavior of terraform apply but rather that the documentation will be updated to reflect this limitation and that terraform plan will return an exception indicating an invalid configuration.
The Terraform documentation for aws_security_group https://www.terraform.io/docs/providers/aws/r/security_group.html actually has an example that would result in the above error if it were run as presented (it does not have a vpc_id defined but has a protocol value of "-1"). See "Basic Usage" under "Example Usage".
This issue was originally opened by @ryno75 as hashicorp/terraform#16082. It was migrated here as a result of the provider split. The original body of the issue is below.
Terraform Version
Terraform v0.10.4
Terraform Configuration Files
Debug Output
plan: https://gist.github.com/ryno75/9bc7f915b2de350976e03e1fe6c410a5
apply: https://gist.github.com/ryno75/0356173e5ab99fd30b5814b027dbc2e2
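The check this report asks terraform plan to make can be run as a separate pre-apply step. The following is an added example, not code from the issue or from the Terraform provider; the input shape (a list of dicts with name, vpc_id and ingress keys) and the sample values are assumptions constructed for the illustration.

```python
# Added example: pre-apply check for the constraint described in this issue.
# The input shape (dicts with "name", "vpc_id", "ingress") is an assumption
# made for this example, not a Terraform file or plan format.

# Protocols accepted for a group with no VPC, taken from the error message
# quoted in the issue: supported: [tcp, udp, icmp]
NON_VPC_PROTOCOLS = {"tcp", "udp", "icmp"}


def find_invalid_rules(security_groups):
    """Return one finding per ingress rule that would be rejected at apply."""
    findings = []
    for group in security_groups:
        # An absent or empty vpc_id means the group is not created under a VPC.
        if group.get("vpc_id"):
            continue
        for index, rule in enumerate(group.get("ingress", [])):
            # str() so a numeric -1 compares like the string "-1".
            protocol = str(rule.get("protocol", "")).strip()
            if protocol not in NON_VPC_PROTOCOLS:
                findings.append({
                    "resource": "aws_security_group." + group["name"],
                    "rule": index,
                    "protocol": protocol,
                    "reason": "no vpc_id; supported: [tcp, udp, icmp]",
                })
    return findings


# Constructed sample input: the first group matches the reproduction steps
# (no vpc_id, ingress protocol "-1"); the other two groups should pass.
SAMPLE_GROUPS = [
    {"name": "test_sg", "ingress": [
        {"protocol": "tcp", "from_port": 22, "to_port": 22},
        {"protocol": "-1", "from_port": 0, "to_port": 0},
    ]},
    {"name": "vpc_sg", "vpc_id": "vpc-EXAMPLE", "ingress": [
        {"protocol": "-1", "from_port": 0, "to_port": 0},
    ]},
    {"name": "no_vpc_ok", "vpc_id": "", "ingress": [
        {"protocol": "udp", "from_port": 53, "to_port": 53},
    ]},
]

if __name__ == "__main__":
    for finding in find_invalid_rules(SAMPLE_GROUPS):
        print("{resource} ingress[{rule}]: protocol {protocol!r} rejected "
              "({reason})".format(**finding))
```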