I’m in the process of migrating the management of our entire environment over to Terraform. We have migrated all of our security groups and associated rules, but are running into issues with the security group attachments. The security groups are already attached to the ENIs via the manual AWS console process. We want to import those attachments and attach any new ENIs going forward via Terraform, leveraging data source lookups and the aws_network_interface_sg_attachment resource. Below is how we are importing the ENIs for SG attachment, followed by the errors we are receiving for the hundreds of ENIs we are trying to attach.
TF CODE
data "aws_network_interfaces" "siteENI" {
  count = lookup(var.role_enabled, "site", 0)

  # Look up every ENI whose attached security group name matches the site naming scheme.
  filter {
    name   = "group-name"
    values = ["none-${var.site_name}-siteENI*"]
  }
}

resource "aws_network_interface_sg_attachment" "siteENI" {
  # One attachment per ENI returned by the lookup; flatten() turns the ids collection into an indexable list.
  count                = lookup(var.role_enabled, "site", 0) == 1 ? length(data.aws_network_interfaces.siteENI[0].ids) : 0
  network_interface_id = flatten(data.aws_network_interfaces.siteENI[0].ids)[count.index]
  security_group_id    = aws_security_group.site_security_group[0].id
}
TF PLAN
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.security_groups.aws_network_interface_sg_attachment.siteENI[0] will be created
  + resource "aws_network_interface_sg_attachment" "siteENI" {
      + id                   = (known after apply)
      + network_interface_id = "eni-07ecebc59abc98d1a"
      + security_group_id    = "sg-e4245c82"
    }
TF ERROR
Error: security group sg-e4245c82 already attached to interface ID eni-07ecebc59abc98d1a

  on ../../modules/security_groups/siteENI_sg_main.tf line 26, in resource "aws_network_interface_sg_attachment" "siteENI":
  26: resource "aws_network_interface_sg_attachment" "siteENI" {
What solutions are available? Any way a terraform import option can be made available?
Thanks!
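The error above is the provider refusing to create an attachment that already exists in AWS, so the state has to be adopted rather than created. The script below is an added example, not code from the original post or from the AWS provider: it reads the JSON shape returned by `aws ec2 describe-network-interfaces` (assumed: `NetworkInterfaces[].NetworkInterfaceId` and `NetworkInterfaces[].Groups[].GroupId`), finds every ENI that already carries the target security group, and emits one `terraform import` command (or one Terraform 1.5+ `import` block) per ENI. The import ID format `<eni-id>_<sg-id>` is the one documented for recent AWS provider releases and is an assumption to check against the provider version you actually run, since older releases had no import support for this resource at all. The sample data is constructed; only `eni-07ecebc59abc98d1a` and `sg-e4245c82` come from the plan in the post.

```python
"""Emit Terraform import commands / import blocks for ENI -> SG attachments that
already exist in AWS, so aws_network_interface_sg_attachment can adopt them
instead of failing with "already attached".

Added example, not code from the original post or the AWS provider.
Assumptions (verify against your provider version):
  * input is the JSON shape of `aws ec2 describe-network-interfaces`
    (NetworkInterfaces[].NetworkInterfaceId, NetworkInterfaces[].Groups[].GroupId);
  * the resource's import ID is "<eni-id>_<sg-id>", as documented for recent
    AWS provider releases (older releases had no import for this resource).
"""
import json
import re
from typing import Iterable, List

# Constructed sample of describe-network-interfaces output (not real account data).
# eni-07ecebc59abc98d1a / sg-e4245c82 are the IDs from the plan in the post.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-07ecebc59abc98d1a",
         "Groups": [{"GroupId": "sg-e4245c82", "GroupName": "none-site1-siteENI"}]},
        {"NetworkInterfaceId": "eni-0123456789abcdef0",
         "Groups": [{"GroupId": "sg-e4245c82", "GroupName": "none-site1-siteENI"},
                    {"GroupId": "sg-0fedcba9876543210", "GroupName": "other"}]},
        {"NetworkInterfaceId": "eni-0aaaaaaaaaaaaaaaa",
         "Groups": [{"GroupId": "sg-0fedcba9876543210", "GroupName": "other"}]},
    ]
})

# Only well-formed AWS resource IDs are ever templated into shell commands or HCL.
ENI_RE = re.compile(r"^eni-[0-9a-f]{8,17}$")
SG_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")


def existing_attachments(describe_json: str, security_group_id: str) -> List[str]:
    """ENI IDs that already carry security_group_id, sorted for a stable order."""
    data = json.loads(describe_json)
    enis = []
    for eni in data.get("NetworkInterfaces", []):
        groups = {g["GroupId"] for g in eni.get("Groups", [])}
        if security_group_id in groups:
            enis.append(eni["NetworkInterfaceId"])
    return sorted(enis)


def import_id(eni_id: str, sg_id: str) -> str:
    """Build the assumed provider import ID; refuse anything that is not a plain AWS ID."""
    if not ENI_RE.match(eni_id) or not SG_RE.match(sg_id):
        raise ValueError(f"refusing malformed IDs: {eni_id!r}, {sg_id!r}")
    return f"{eni_id}_{sg_id}"


def instance_key(eni_id: str, index: int, for_each: bool) -> str:
    """Address suffix: ["eni-..."] for a for_each resource, [N] for a count resource."""
    return f'["{eni_id}"]' if for_each else f"[{index}]"


def import_commands(resource_addr: str, eni_ids: Iterable[str], sg_id: str,
                    for_each: bool = True) -> List[str]:
    """One `terraform import` command per existing attachment."""
    return [
        f"terraform import '{resource_addr}{instance_key(eni, i, for_each)}' "
        f"{import_id(eni, sg_id)}"
        for i, eni in enumerate(eni_ids)
    ]


def import_blocks(resource_addr: str, eni_ids: Iterable[str], sg_id: str,
                  for_each: bool = True) -> str:
    """Equivalent Terraform >= 1.5 `import` blocks, so the adoption shows up in a reviewable plan."""
    blocks = []
    for i, eni in enumerate(eni_ids):
        blocks.append(
            "import {\n"
            f"  to = {resource_addr}{instance_key(eni, i, for_each)}\n"
            f'  id = "{import_id(eni, sg_id)}"\n'
            "}"
        )
    return "\n\n".join(blocks)


if __name__ == "__main__":
    sg = "sg-e4245c82"
    addr = "module.security_groups.aws_network_interface_sg_attachment.siteENI"
    enis = existing_attachments(SAMPLE_DESCRIBE_OUTPUT, sg)
    print("\n".join(import_commands(addr, enis, sg)))
    print()
    print(import_blocks(addr, enis, sg))
```

The `for_each=True` default emits addresses keyed by ENI ID, which assumes the resource is switched from `count` to `for_each = toset(data.aws_network_interfaces.siteENI[0].ids)`. With `count`, the instance index is whatever position the data source happened to return, so when an ENI is later added or removed every index shifts and a subsequent plan would detach and re-attach the group across unrelated interfaces, leaving interfaces briefly without their intended rules. Keying on the ENI ID makes each attachment's state independent of the others. Pass `for_each=False` to generate `[N]` addresses if you need to import into the existing count-based resource first and refactor afterwards.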