Persistent errors trying to create/modify security groups

hugbubby · November 8, 2020, 3:30am

I really need help fixing two dev environments I have. The security groups
have been completely messed up and now every build some will time out after ten minutes attempting to be created. Often I’ll check with the aws console and they’ll seem correct, but
terraform will report a combination of missing, already existing, and
un-deleted ones. I think it’s because I used ingress/egress inline in
combination with the aws_security_group_rule resource but I’ve fixed that and
now nothing is working.

I’ve tried tainting, renaming, and removing these security groups and rules. I’ve also tried using the terraform console to add/remove the referenced rules. It doesn’t work, and every apply is failing.

Here’s an example output 10 minutes after running a terraform apply, when the rule creations finish timing out:

Error: Error revoking security group sg-0550f74a6ecfed984 rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
	status code: 400, request id: dda4e95a-d80f-4e75-8f6d-4cfe4cd32e3d

Error: Error finding matching egress Security Group Rule (sgrule-1748709443) for Group sg-0bc5a3c2fca25dc85



Error: Error revoking security group sg-0afff9c9ac5f172d2 rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
	status code: 400, request id: c9e31370-0197-41cb-9ece-3a93933f3bc7



Error: Error finding matching ingress Security Group Rule (sgrule-482644346) for Group sg-0046000934720aa8a



Error: Error deleting security group: DependencyViolation: resource sg-0d33502ad7af1a994 has a dependent object
	status code: 400, request id: 5b2a7a8c-8936-45eb-bab7-fd8f82ab51b3



Error: Error finding matching egress Security Group Rule (sgrule-3592764221) for Group sg-0046000934720aa8a



Error: Error finding matching egress Security Group Rule (sgrule-1846101206) for Group sg-0923024bfeaa11df1



Error: Error revoking security group sg-0434a93ac709e7171 rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
	status code: 400, request id: 40d140ee-4c9a-4172-ae6c-35a69899b936



Error: Error finding matching ingress Security Group Rule (sgrule-1370284460) for Group sg-0046000934720aa8a



Error: Error deleting security group: DependencyViolation: resource sg-0072ea505fdcdd405 has a dependent object
	status code: 400, request id: 4fbafdec-fc28-4643-b62a-2d4d6cc7ec85

If someone here has any advice I’d really appreciate it.

zhelanov · December 16, 2021, 2:46pm

Hi! Have you found a solution?
Faced the same issue on Terraform v1.0.10, registry.terraform.io/hashicorp/aws v3.69.0.
Resources are exist for sure but for some reason I get “InvalidPermission.NotFound” error