Applying this Terraform code:

```hcl
# The rule list lives in a locals block (the opening line was missing from the paste).
locals {
  inbound_rules = [
    { port = 53,   protocol = "-1" },  # DNS
    { port = 88,   protocol = "-1" },  # Kerberos
    { port = 123,  protocol = "udp" }, # Time Sync (NTP)
    { port = 135,  protocol = "tcp" }, # RPC Endpoint Mapper
    { port = 389,  protocol = "-1" },  # LDAP
    { port = 445,  protocol = "tcp" }, # SMB
    { port = 464,  protocol = "-1" },  # Kerberos (password)
    { port = 636,  protocol = "tcp" }, # LDAP SSL
    { port = 3268, protocol = "tcp" }, # LDAP Global Catalog
    { port = 3269, protocol = "tcp" }  # LDAP Global Catalog SSL
  ]
}

resource "aws_security_group" "allow_delinea" {
  name        = "Delinea DC Communication"
  description = "Delinea DC Communication"
  vpc_id      = "vpc-8ae1c9e3"

  # One ingress block is generated per entry in local.inbound_rules.
  dynamic "ingress" {
    for_each = local.inbound_rules
    content {
      from_port = ingress.value.port
      to_port   = ingress.value.port
      protocol  = ingress.value.protocol
      cidr_blocks = [
        "206.178.22.0/26",
        "206.178.22.64/26",
        "161.108.91.192/27",
        "161.108.91.224/27",
        "161.108.91.32/28",
        "161.108.91.48/28",
        "161.108.175.32/28",
        "161.108.175.48/28",
        "161.108.208.192/26",
        "161.108.208.128/26",
        "161.108.90.0/25",
        "161.108.90.128/25",
        "192.168.1.192/26",
        "192.168.1.128/26"
      ]
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
results in this error:
```text
Error: updating Security Group (sg-01d46a94486d4a08e) ingress rules: updating rules: from_port (88) and to_port (88) must both be 0 to use the 'ALL' "-1" protocol!
```
This seems similar to this closed issue from 2015:
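One way to keep the same rule list while never pairing a port with the all-protocols value, as an added example that is not the original poster's code: every `"-1"` entry is expanded into a separate tcp rule and udp rule, so the provider never sees `-1` with a non-zero port and the group still does not open every port. The `delinea_cidrs` list and `var.vpc_id` are constructed placeholders.

```hcl
# Added example (not the original poster's code): expand each "-1" entry into a
# tcp rule and a udp rule so a port is never paired with the all-protocols value.
locals {
  inbound_rules = [
    { port = 53,   protocol = "-1" },  # DNS (tcp and udp)
    { port = 88,   protocol = "-1" },  # Kerberos (tcp and udp)
    { port = 123,  protocol = "udp" }, # NTP
    { port = 135,  protocol = "tcp" }, # RPC Endpoint Mapper
    { port = 389,  protocol = "-1" },  # LDAP (tcp and udp)
    { port = 445,  protocol = "tcp" }, # SMB
    { port = 464,  protocol = "-1" },  # Kerberos password change (tcp and udp)
    { port = 636,  protocol = "tcp" }, # LDAP SSL
    { port = 3268, protocol = "tcp" }, # LDAP Global Catalog
    { port = 3269, protocol = "tcp" }  # LDAP Global Catalog SSL
  ]

  # "-1" in the list above means "this port over both tcp and udp", not "all ports".
  expanded_rules = concat(
    [for r in local.inbound_rules : r if r.protocol != "-1"],
    flatten([for r in local.inbound_rules :
      [for p in ["tcp", "udp"] : { port = r.port, protocol = p }] if r.protocol == "-1"
    ])
  )

  # Constructed placeholder ranges; substitute the real source CIDRs.
  delinea_cidrs = ["203.0.113.0/26", "198.51.100.64/26"]
}

resource "aws_security_group" "allow_delinea" {
  name        = "Delinea DC Communication"
  description = "Delinea DC Communication"
  vpc_id      = var.vpc_id # assumed input variable

  dynamic "ingress" {
    # Keyed by protocol and port so each generated rule has a stable address.
    for_each = { for r in local.expanded_rules : "${r.protocol}-${r.port}" => r }
    content {
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = ingress.value.protocol
      cidr_blocks = local.delinea_cidrs
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # the all-protocols value is only valid with ports 0/0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Running `terraform plan` with this list produces fourteen ingress rules (two each for ports 53, 88, 389 and 464) instead of the ten that trigger the error.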