Assign multiple security groups to EC2

leeryanrs · March 30, 2021, 4:13pm

Hi there,

New user with terraform here!

Hoping to find some help here on a simple issue where i’m trying to assign multiple security groups to an EC2…

I’m using the below in my module, where i’m also creating the security group resources…

resource "aws_network_interface_sg_attachment" "sg_attachment" {

  security_group_id      = [aws_security_group.accept_challenge_traffic_application_rules.id, aws_security_group.accept_challenge_traffic_management_rules.id]

  network_interface_id   = aws_instance.WebHost-01.primary_network_interface_id

}

however it’s failing as it doesn’t seem to like me giving a comma with multiple id’s…is there a different argument I should be using? I can’t find any simple examples of this.

stuart-c · March 30, 2021, 4:12pm

The aws_network_interface_sg_attachment resource only accepts a single security group (hence the name of the parameter being _id instead if _ids). Therefore you’d need to create multiple resources to attach more than one. This is a good use for the count or for_each mechanisms.

leeryanrs · March 30, 2021, 6:06pm

Hi Stuart,

Thanks for your reply!

I’ve actually just found another, perhaps better way to do this. Your method seems to be using a loop argument which i would like to avoid to keep the code simpler. What i’ve found is that you can actually supply the security groups in the EC2 resource creation block, as so -

vpc_security_group_ids = [aws_security_group.application_rules.id,aws_security_group.allow_ssh_inbound.id]

And once you’ve done this, you can remove the sg_attachment part as it’s not needed.

Hope this helps anyone who stumbles upon this thread also!