Closed
Description
Security groups are applied to instances. If one instance associated with a security group wants to connect to another instance associated with the same security group, the security group must have an allow rule with a source of itself (meaning "other instances associated with this group").
The following must be allowed:
```hcl
resource "aws_security_group" "public" {
  ...
}

resource "aws_security_group" "private" {
  ...
  # Allow the ephemeral port range from the public group and from this group itself.
  ingress {
    protocol        = "tcp"
    from_port       = 1024
    to_port         = 65535
    security_groups = ["${aws_security_group.public.id}", "${aws_security_group.private.id}"]
  }
}
```
However, we get the following error:

```
$ terraform apply
Error configuring: Error building module graph 'security_group': The dependency graph is not valid:
* Cycle: aws_security_group.private
```
Additionally, non-self cycles must be allowed as two security groups may have allow rules from each other.
Ref: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#VPCSecurityGroups

> "Instances associated with a security group can't talk to each other unless you add rules allowing it (exception: the default security group has these rules by default)."
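The configuration below is an added example, not part of the issue above or of the Terraform project's own code. It shows one way to express the same rules (private accepts the ephemeral port range from public and from itself, and public accepts it back from private) without any `aws_security_group` resource referencing itself or the other group: the groups are declared empty and each rule is a separate `aws_security_group_rule` resource, so the graph has no cycle. It assumes a current AWS provider that has the `aws_security_group_rule` resource and its `self` argument; the `vpc_id` variable is a placeholder.

```hcl
# Added example (not from the issue). Declare both groups without inline rules,
# then attach each rule as its own resource so no group depends on itself.
# Assumes a current AWS provider; vpc_id is a placeholder input.

variable "vpc_id" {
  type = string
}

resource "aws_security_group" "public" {
  name   = "public"
  vpc_id = var.vpc_id
}

resource "aws_security_group" "private" {
  name   = "private"
  vpc_id = var.vpc_id
}

# private accepts the ephemeral port range from instances in the public group.
resource "aws_security_group_rule" "private_from_public" {
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 1024
  to_port                  = 65535
  security_group_id        = aws_security_group.private.id
  source_security_group_id = aws_security_group.public.id
}

# private accepts the same range from other instances in the private group
# itself; `self = true` is the provider's way to express "source: this group".
resource "aws_security_group_rule" "private_from_self" {
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 1024
  to_port           = 65535
  security_group_id = aws_security_group.private.id
  self              = true
}

# The non-self, mutual case: public accepts the range back from private.
# Both rules only depend on the two (rule-free) group resources, so the
# mutual reference does not create a cycle.
resource "aws_security_group_rule" "public_from_private" {
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 1024
  to_port                  = 65535
  security_group_id        = aws_security_group.public.id
  source_security_group_id = aws_security_group.private.id
}
```

Keep inline `ingress`/`egress` blocks and standalone `aws_security_group_rule` resources separate for a given group: mixing the two styles on the same group makes the provider fight over the rule set on every apply.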