Security group order always changes #195

Closed
lgtml opened this issue Aug 14, 2014 · 2 comments

lgtml commented Aug 14, 2014

Description:

Every time I run terraform, the security group order is changed and forces a "new resource". This obviously does not affect nodes with a single security group.

Reproduce

  1. Configure Security group
  2. Assign to instance
  3. Run Apply
  4. Run plan
    security_groups.0: "sg-aaaaaaa" => "sg-bbbbbbb" (forces new resource)
    security_groups.1: "sg-bbbbbbb" => "sg-aaaaaaa" (forces new resource)

Security Group Config

## Truncated Configuration for testing
resource "aws_security_group" "bastion" {
    name = "bastion ${var.environment}"
    description = "Allow 22 from anywhere"
    vpc_id = "${aws_vpc.main.id}"

    ingress {
        from_port = 22
        to_port = 22
        protocol = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }   
}

resource "aws_security_group" "default" {
    name = "default ${var.environment}"
    description = "Allow 22 from bastion"
    vpc_id = "${aws_vpc.main.id}"

    ingress {
        from_port = 22
        to_port = 22
        protocol = "tcp"
        security_groups = ["${aws_security_group.bastion.id}"]
    }   
}

resource "aws_security_group" "elb" {
    name = "elb ${var.environment}"
    description = "Allow all http and https"
    vpc_id = "${aws_vpc.main.id}"

    ingress {
        from_port = 80
        to_port = 80
        protocol = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }   
    ingress {
        from_port = 443 
        to_port = 443 
        protocol = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }   
}

# NOTE: changed ports for paranoia 
resource "aws_security_group" "haproxy" {
    name = "haproxy ${var.environment}"
    description = "Allow 5000,8888,9000 from elb security group"
    vpc_id = "${aws_vpc.main.id}"

    ingress {
        from_port = 1234
        to_port = 1234
        protocol = "tcp"
        security_groups = ["${aws_security_group.elb.id}"]
    }   
    ingress {
        from_port = 1235
        to_port = 1235
        protocol = "tcp"
        security_groups = ["${aws_security_group.elb.id}"]
    }   
    ingress {
        from_port = 1236
        to_port = 1236
        protocol = "tcp"
        security_groups = ["${aws_security_group.elb.id}"]
    }   
}

resource "aws_instance" "haproxy-1" {
  ami = "${var.aws_amis.common}"
  availability_zone = "${aws_subnet.haproxy-a.availability_zone}"
  subnet_id = "${aws_subnet.haproxy-a.id}"
  security_groups = [ "${aws_security_group.default.id}","${aws_security_group.haproxy.id}" ]
  instance_type = "m3.medium"
  key_name = "${var.aws_keyname}"

}

@mitchellh
Contributor

This is a dup of #87. A fix will come in soon. Sorry!

ngbinh commented Nov 24, 2014

I still see the same problem on v0.3.1.
security_groups = [ "${aws_security_group.default.id}","${aws_security_group.haproxy.id}" ] will force a new resource every time I run terraform apply:

 security_groups.0:                  "sg-2b6b8d4f" => "sg-346b8d50" (forces new resource)
 security_groups.1:                  "sg-346b8d50" => "sg-2b6b8d4f" (forces new resource)

@ghost ghost locked and limited conversation to collaborators May 5, 2020
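
A plan check for the symptom reported in this thread, as an added example that is not part of the issue or of Terraform's own code: it parses indexed list lines in the plan format quoted above and reports whether an attribute's values were only reordered or actually changed membership. The `sg-00000000` ID is a constructed placeholder, and treating an empty string as an added or removed slot is an assumption about the plan format.

```python
import re
from collections import defaultdict

# Matches indexed list attributes in the plan format quoted in this thread, e.g.
#   security_groups.0: "sg-aaaaaaa" => "sg-bbbbbbb" (forces new resource)
LINE_RE = re.compile(
    r'^\s*(?P<attr>[\w-]+)\.(?P<idx>\d+):\s*"(?P<old>[^"]*)"\s*=>\s*"(?P<new>[^"]*)"'
    r'(\s*\(forces new resource\))?\s*$'
)

# Plan excerpt copied from the second comment in this thread.
SAMPLE_REORDER = '''
 security_groups.0:                  "sg-2b6b8d4f" => "sg-346b8d50" (forces new resource)
 security_groups.1:                  "sg-346b8d50" => "sg-2b6b8d4f" (forces new resource)
'''

# Constructed sample: sg-00000000 is a placeholder for a group that really changed.
SAMPLE_CHANGE = '''
 security_groups.0:                  "sg-2b6b8d4f" => "sg-2b6b8d4f"
 security_groups.1:                  "sg-346b8d50" => "sg-00000000" (forces new resource)
'''

def classify_list_diffs(plan_text):
    """Return {attribute: verdict} for every indexed attribute in plan_text.

    The verdict is "reorder-only" when the old and new values are the same
    multiset in a different order, otherwise "membership-change".
    """
    old, new = defaultdict(list), defaultdict(list)
    for line in plan_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an indexed list attribute line
        old[m["attr"]].append(m["old"])
        new[m["attr"]].append(m["new"])
    verdicts = {}
    for attr in old:
        # Assumption: "" marks an added or removed slot, so drop it before comparing.
        before = sorted(v for v in old[attr] if v)
        after = sorted(v for v in new[attr] if v)
        verdicts[attr] = "reorder-only" if before == after else "membership-change"
    return verdicts

if __name__ == "__main__":
    for name, text in (("reorder", SAMPLE_REORDER), ("change", SAMPLE_CHANGE)):
        print(name, classify_list_diffs(text))
```

A "reorder-only" verdict on an attribute marked "(forces new resource)" means the instance would be replaced although its effective security group membership is unchanged.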