1.43.1+ is introducing plan changes in aws_security_group_rule when protocol = -1 and {to,from}_port != 0

[devonbleak]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

$ terraform -v
Terraform v0.11.10
+ provider.archive v1.0.0
+ provider.aws v1.43.2
+ provider.template v1.0.0

Affected Resource(s)

• aws_security_group_rule

Terraform Configuration Files

resource "aws_security_group_rule" "analytics_spark_emr_master_egress" {
  security_group_id = "${aws_security_group.analytics_spark_emr_master.id}"
  type              = "egress"
  protocol          = -1
  from_port         = -1
  to_port           = -1
  cidr_blocks       = ["0.0.0.0/0"]
}

Expected Behavior

No plan should be generated as nothing has changed in the source.

Actual Behavior

Terraform will perform the following actions:

-/+ aws_security_group_rule.analytics_spark_emr_master_egress (new resource required)
      id:                       "sgrule-578021423" => <computed> (forces new resource)
      cidr_blocks.#:            "1" => "1"
      cidr_blocks.0:            "0.0.0.0/0" => "0.0.0.0/0"
      from_port:                "0" => "-1" (forces new resource)
      protocol:                 "-1" => "-1"
      security_group_id:        "sg-34ab9d49" => "sg-34ab9d49"
      self:                     "false" => "false"
      source_security_group_id: "" => <computed>
      to_port:                  "0" => "-1" (forces new resource)
      type:                     "egress" => "egress"


Plan: 1 to add, 0 to change, 1 to destroy.

Steps to Reproduce

1. terraform plan

Important Factoids

References

• resource/aws_security_group_rule crashes with provider version 1.43.1 #6416 - this was mentioned in a comment here but seems to have gotten lost.

[bflad]

Hi @devonbleak 👋 Thanks for following up about this and sorry for the trouble. The fix for this situation is already merged (#6423) and will release with version 1.44.0 of the AWS provider, likely today or tomorrow.

I'm going to keep this issue open so folks can find it easier until release. 👍

[devonbleak]

@bflad outstanding - thank you for the speedy response!

[bflad]

This has been released in version 1.44.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!