"Computed attribute cannot be set" error in client vpn network association


I am trying to add a client VPN endpoint to my VPC with one security group ID in an aws_ec2_client_vpn_network_association resource.

Unfortunately I get a Computed attribute cannot be set error when running terraform apply.

resource "aws_ec2_client_vpn_network_association" "client-vpn-network-association" {
   client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.clientVPN.id
   security_groups        = [aws_security_group.clientVPNAccess.id]
   subnet_id = aws_subnet.private-subnet.id

When I try to run it but without security_groups argument in my .tf, all works fine and I’m able to add this desired security group manually in AWS web-console.

Maybe you have any idea what am I doing wrong?


Could you share a terraform plan output?

Indeed security_groups is flagged as computed.
terraform-provider-aws/resource_aws_ec2_client_vpn_network_association.go at master · hashicorp/terraform-provider-aws (github.com)