In my module I update rules on a security group as shown below:
```hcl
resource "aws_security_group_rule" "vpn-connection-sg-rule" {
  count             = "${length(var.ingress_ports)}"
  type              = "ingress"
  from_port         = "${element(var.ingress_ports, count.index)}"
  to_port           = "${element(var.ingress_ports, count.index)}"
  protocol          = "tcp"
  cidr_blocks       = "${var.destination_cidr}"
  security_group_id = "${data.aws_security_group.sg-foo.id}"
}
```
During the first run, the described rules are added to the group referenced using data sources.
The definition for the security group that is referenced here is defined in the environment (and the state store) that utilizes the module:
```hcl
resource "aws_security_group" "sg-foo" {
  // ... redacted for simplicity
  tags = {
    Name      = "foobar"
    ManagedBy = "Terraform"
  }
}
```
How can I ensure that Terraform doesn’t remove the rules provisioned by the module in the consecutive run?