Hi there!
I’m not sure what the intent is of the security group, since you’ve specified tcp port 22 for ssh in the security group rule, "Allow port 80 and ssh access to dev" as the security group description, and at the same time the description for that rule indicates that you’d like to enable http from vpc.
Let’s go with the security group description – that you want to create a security group to enable ssh and http access.
You will in both cases want to specify a value of tcp for protocol.
If your intent is to allow ssh from within the VPC, you can reference the CIDR block from that VPC definition.
If your intent is to allow ssh from outside of the VPC, please consider whether you really want to allow access from 0.0.0.0/0.
In the example below, we’re going to allow ssh from within the VPC, and we’re going to allow http from the world. You can modify it according to your needs.
Also, where you create the aws_vpc, I would suggest you keep its local name lowercase – so myvpc rather than Myvpc in this case.
You can always run terraform validate using the Terraform CLI to validate your Terraform code.
Here’s the code I used to test based on the information that you provided.
    terraform {
      required_version = "0.12.25"
      required_providers {
        aws = "2.62.0"
      }
    }

    resource "aws_vpc" "myvpc" {
      cidr_block = "10.0.0.0/16"
    }

    resource "aws_security_group" "dev_sg" {
      name        = "dev_sg"
      description = "Allow port 80 and ssh access to dev"
      vpc_id      = aws_vpc.myvpc.id

      # ssh only from addresses inside this VPC
      ingress {
        description = "allow ssh from vpc"
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = [aws_vpc.myvpc.cidr_block]
      }

      # http from anywhere
      ingress {
        description = "allow http from world"
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }
    $ terraform validate
    Success! The configuration is valid.

    $ terraform plan
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.

    ------------------------------------------------------------------------

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create

    Terraform will perform the following actions:

      # aws_security_group.dev_sg will be created
      + resource "aws_security_group" "dev_sg" {
          + arn                    = (known after apply)
          + description            = "Allow port 80 and ssh access to dev"
          + egress                 = (known after apply)
          + id                     = (known after apply)
          + ingress                = [
              + {
                  + cidr_blocks      = [
                      + "0.0.0.0/0",
                    ]
                  + description      = "allow http from world"
                  + from_port        = 80
                  + ipv6_cidr_blocks = []
                  + prefix_list_ids  = []
                  + protocol         = "tcp"
                  + security_groups  = []
                  + self             = false
                  + to_port          = 80
                },
              + {
                  + cidr_blocks      = [
                      + "10.0.0.0/16",
                    ]
                  + description      = "allow ssh from vpc"
                  + from_port        = 22
                  + ipv6_cidr_blocks = []
                  + prefix_list_ids  = []
                  + protocol         = "tcp"
                  + security_groups  = []
                  + self             = false
                  + to_port          = 22
                },
            ]
          + name                   = "dev_sg"
          + owner_id               = (known after apply)
          + revoke_rules_on_delete = false
          + vpc_id                 = (known after apply)
        }

      # aws_vpc.myvpc will be created
      + resource "aws_vpc" "myvpc" {
          + arn                              = (known after apply)
          + assign_generated_ipv6_cidr_block = false
          + cidr_block                       = "10.0.0.0/16"
          + default_network_acl_id           = (known after apply)
          + default_route_table_id           = (known after apply)
          + default_security_group_id        = (known after apply)
          + dhcp_options_id                  = (known after apply)
          + enable_classiclink               = (known after apply)
          + enable_classiclink_dns_support   = (known after apply)
          + enable_dns_hostnames             = (known after apply)
          + enable_dns_support               = true
          + id                               = (known after apply)
          + instance_tenancy                 = "default"
          + ipv6_association_id              = (known after apply)
          + ipv6_cidr_block                  = (known after apply)
          + main_route_table_id              = (known after apply)
          + owner_id                         = (known after apply)
        }

    Plan: 2 to add, 0 to change, 0 to destroy.
I hope this answers your questions.
Regards,
-y
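The reply's point about 0.0.0.0/0 can be turned into a pre-apply check: the script below (an added example, not part of the original post) reads the JSON form of a plan (`terraform show -json tfplan`) and flags any security group ingress rule that exposes ssh to the whole Internet. The embedded plan document is constructed, trimmed to the fields the check needs; it mirrors the dev_sg plan above and adds a hypothetical `bad_sg` so the check has something to catch.

```python
import json

# Constructed sample of `terraform show -json` output (planned_values only).
# dev_sg matches the plan above; bad_sg is a hypothetical group that opens
# every protocol and port to IPv4 and IPv6 "anywhere".
PLAN_JSON = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_security_group.dev_sg", "type": "aws_security_group",
         "values": {"ingress": [
             {"from_port": 80, "to_port": 80, "protocol": "tcp",
              "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
             {"from_port": 22, "to_port": 22, "protocol": "tcp",
              "cidr_blocks": ["10.0.0.0/16"], "ipv6_cidr_blocks": []}]}},
        {"address": "aws_security_group.bad_sg", "type": "aws_security_group",
         "values": {"ingress": [
             {"from_port": 0, "to_port": 65535, "protocol": "-1",
              "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": ["::/0"]}]}},
    ]}}
})

ANYWHERE = {"0.0.0.0/0", "::/0"}   # "the world" in IPv4 and IPv6
SSH_PORT = 22


def rule_covers_port(rule, port):
    """True if the ingress rule admits traffic to `port`.

    AWS uses protocol "-1" for "all protocols", which also means all ports.
    """
    if rule.get("protocol") == "-1":
        return True
    return rule["from_port"] <= port <= rule["to_port"]


def find_world_open_ssh(plan_json):
    """Return (resource address, cidr) for each ingress rule that exposes ssh
    to an ANYWHERE CIDR, in plan order."""
    plan = json.loads(plan_json)
    findings = []
    for res in plan["planned_values"]["root_module"].get("resources", []):
        if res["type"] != "aws_security_group":
            continue
        for rule in res["values"].get("ingress", []):
            cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
            for cidr in sorted(cidrs & ANYWHERE):
                if rule_covers_port(rule, SSH_PORT):
                    findings.append((res["address"], cidr))
    return findings


if __name__ == "__main__":
    for address, cidr in find_world_open_ssh(PLAN_JSON):
        print("FAIL: %s allows ssh from %s" % (address, cidr))
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and feed the file contents to `find_world_open_ssh`; a non-empty result is a reason to stop before `terraform apply`.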