Here is my code and the rules getting toggle always. Meaning when I execute, it adds the ingress rules for the security group, if I do Terraform apply, getting deleted these rules from the security group, when I do Terraform apply, add again. and this is kind of scenario like Toggles
Below is my code and is there any way to fix this issue?
resource “aws_security_group” “emr_master_private” {
vpc_id = “${aws_vpc.vpc-dev.id}”
name = “${var.emr_master_pri_name}”
description = “Allow all ssh conection from internet”
ingress {
from_port = 0
to_port = 65535
protocol = “tcp”
self = true
}
ingress {
from_port = 0
to_port = 65535
protocol = “udp”
self = true
}
ingress {
from_port = -1
to_port = -1
protocol = “icmp”
self = true
}
tags = {
Name = “${var.emr_master_pri_name}”
Source = “${var.infra_source}”
}
}
resource “aws_security_group” “emr_slave_private” {
vpc_id = “${aws_vpc.vpc-dev.id}”
name = “${var.emr_slave_pri_name}”
description = “Allow all ssh conection from internet”
ingress {
from_port = 0
to_port = 65535
protocol = “tcp”
self = true
}
ingress {
from_port = 0
to_port = 65535
protocol = “udp”
self = true
}
ingress {
from_port = -1
to_port = -1
protocol = “icmp”
self = true
}
tags = {
Name = “${var.emr_slave_pri_name}”
Source = “${var.infra_source}”
}
}
resource “aws_security_group_rule” “emr_master_private_tcp” {
type = “ingress”
from_port = 0
to_port = 65535
protocol = “tcp”
security_group_id = “${aws_security_group.emr_master_private.id}”
source_security_group_id = “${aws_security_group.emr_slave_private.id}”
}
resource “aws_security_group_rule” “emr_master_private_udp” {
type = “ingress”
from_port = 0
to_port = 65535
protocol = “udp”
security_group_id = “${aws_security_group.emr_master_private.id}”
source_security_group_id = “${aws_security_group.emr_slave_private.id}”
}
resource “aws_security_group_rule” “emr_master_private_icmp” {
type = “ingress”
from_port = -1
to_port = -1
protocol = “icmp”
security_group_id = “${aws_security_group.emr_master_private.id}”
source_security_group_id = “${aws_security_group.emr_slave_private.id}”
}
resource “aws_security_group_rule” “emr_slave_private_tcp” {
type = “ingress”
from_port = 0
to_port = 65535
protocol = “tcp”
security_group_id = “${aws_security_group.emr_slave_private.id}”
source_security_group_id = “${aws_security_group.emr_master_private.id}”
}
resource “aws_security_group_rule” “emr_slave_private_udp” {
type = “ingress”
from_port = 0
to_port = 65535
protocol = “udp”
security_group_id = “${aws_security_group.emr_slave_private.id}”
source_security_group_id = “${aws_security_group.emr_master_private.id}”
}
resource “aws_security_group_rule” “emr_slave_private_icmp” {
type = “ingress”
from_port = -1
to_port = -1
protocol = “icmp”
security_group_id = “${aws_security_group.emr_slave_private.id}”
source_security_group_id = “${aws_security_group.emr_master_private.id}”
}
Thank you,
Bala