Expected Behavior
According to the Terraform documentation (and plan seems to confirm this) this should be perfectly acceptable configuration but it in fact is not. Only Security Groups created under VPCs are allowed to have a protocol value of anything but "tcp", "udp", and "icmp" (i.e. "-1").
Actual Behavior
An EC2 API exception is returned to Terraform and raised.
Error applying plan:
1 error(s) occurred:
* aws_security_group.test_sg: 1 error(s) occurred:
* aws_security_group.test_sg: Error authorizing security group ingress rules: InvalidPermission.Malformed: Unsupported IP protocol "-1" - supported: [tcp, udp, icmp]
status code: 400, request id: 14e00208-087d-4cf1-b5c0-23c48f70f0d9
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
Steps to Reproduce
Please list the full steps required to reproduce the issue, for example:
Create an aws_security_group resource that has no vpc_id and contains an ingress rule with a protocol value of "-1"
terraform init
terraform apply
Important Factoids
I am not expecting this to result in a change to the behavior of terraform apply but rather that the documentation will be updated to reflect this limitation and that terraform plan will return an exception indicating an invalid configuration.
The Terraform documentation for aws_security_group https://www.terraform.io/docs/providers/aws/r/security_group.html actually has an example that would result in the above error if it were run as presented (it does not have a vpc_id defined but has a protocol value of "-1"). See "Basic Usage" under "Example Usage".
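An added example, not part of the original issue or of Terraform itself: a pre-apply check of the kind requested above, which flags security groups that set no vpc_id but carry an ingress protocol outside the list in the EC2 error message. It assumes a Terraform release that supports `terraform show -json <planfile>` (newer than the v0.10.4 in this report) and an account where a group without vpc_id is not created under a VPC; the sample plan is constructed and trimmed, and the function names are hypothetical.

```python
import json

# Protocols EC2 accepted for this group, copied from the error message in the issue.
NON_VPC_PROTOCOLS = {"tcp", "udp", "icmp"}

# Constructed, trimmed sample of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_security_group.test_sg", "type": "aws_security_group",
     "name": "test_sg",
     "change": {"after": {"ingress": [
       {"protocol": "-1", "from_port": 0, "to_port": 0,
        "cidr_blocks": ["10.0.0.0/8"]}]}}},
    {"address": "aws_security_group.vpc_sg", "type": "aws_security_group",
     "name": "vpc_sg",
     "change": {"after": {"ingress": [
       {"protocol": "-1", "from_port": 0, "to_port": 0,
        "cidr_blocks": ["10.0.0.0/8"]}]}}}
  ],
  "configuration": {"root_module": {"resources": [
    {"type": "aws_security_group", "name": "test_sg", "expressions": {}},
    {"type": "aws_security_group", "name": "vpc_sg",
     "expressions": {"vpc_id": {"references": ["aws_vpc.main.id"]}}}
  ]}}
}
""")


def groups_with_vpc_id(plan):
    """(type, name) of root-module security groups whose configuration sets vpc_id."""
    root = plan.get("configuration", {}).get("root_module", {})
    return {(r["type"], r["name"]) for r in root.get("resources", [])
            if r["type"] == "aws_security_group"
            and "vpc_id" in r.get("expressions", {})}


def find_unsupported_rules(plan):
    """Return (address, protocol) for ingress rules EC2 would reject without a VPC."""
    in_vpc = groups_with_vpc_id(plan)
    findings = []
    for rc in plan.get("resource_changes", []):
        # Only root-module resources are handled in this example.
        if rc.get("type") != "aws_security_group" or rc.get("module_address"):
            continue
        if (rc["type"], rc.get("name")) in in_vpc:
            continue
        after = rc.get("change", {}).get("after") or {}  # None on destroy
        for rule in after.get("ingress") or []:
            proto = str(rule.get("protocol", "")).lower()
            if proto not in NON_VPC_PROTOCOLS:
                findings.append((rc["address"], proto))
    return findings
```

Whether vpc_id is set is read from the configuration section rather than from the planned values, because a vpc_id that references a VPC not yet created is also unknown at plan time.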
This issue has been automatically migrated to hashicorp/terraform-provider-aws#1670 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to this issue and let us know.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
ghost locked and limited conversation to collaborators Apr 7, 2020
Terraform Version
Terraform v0.10.4
Terraform Configuration Files
Debug Output
plan: https://gist.github.com/ryno75/9bc7f915b2de350976e03e1fe6c410a5
apply: https://gist.github.com/ryno75/0356173e5ab99fd30b5814b027dbc2e2