Terraform plan shows no updates after adding extra value to CIDR_BLOCKS variable for ingress rule

I have a rule for a security group that includes the following code.

ingress {
  description = "1984 from xymon client"
  from_port   = local.xymon_port
  to_port     = local.xymon_port
  protocol    = local.tcp_proto
  cidr_blocks = var.xymon_clients_cidr
}

The variable just contains a number of CIDR ranges coded as

"xxx.xxx.xxx.0/24", "xxx.xxx.xxx.0/24" etc

When I add an extra CIDR range to the variable and run Terraform Plan it comes up with

  • No changes. Your infrastructure matches the configuration.

The only way I can apply the change is to manually update it on AWS and then run

terraform apply -refresh-only

Is there a better way I can code this so it will recognise the updates?

Are there any lifecycle rules set with this security group’s terraform?

Is your variable set as a list including the [ ] characters around your CIDR blocks?

It appears this was an ID 10 T error. There was a lifecycle rule and in there was a single line saying

ignore_changes = [ingress]

I didn’t originally write this code and I just hadn’t scrolled down far enough to see this bit.

No worries - glad you found it @wizzard99
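
Added example, not part of the thread: a small Python check that scans Terraform source for `aws_security_group` resources whose `lifecycle` block ignores `ingress`, `egress` or `all`, the setting that kept the plan above at "No changes". The function names, the resource names `xymon` and `web`, and the sample text are constructed for illustration.

```python
import re

# Attributes whose presence in ignore_changes hides rule edits from `terraform plan`.
RULE_ATTRS = {"ingress", "egress", "all"}

def _block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def masked_rule_changes(hcl):
    """List (security group name, ignored rule attributes) pairs found in hcl."""
    findings = []
    for m in re.finditer(r'resource\s+"aws_security_group"\s+"([^"]+)"\s*\{', hcl):
        body = _block_body(hcl, m.end() - 1)
        lc = re.search(r"\blifecycle\s*\{", body)
        if not lc:
            continue
        lifecycle = _block_body(body, lc.end() - 1)
        ic = re.search(r"\bignore_changes\s*=\s*(\[[^\]]*\]|\w+)", lifecycle)
        if not ic:
            continue
        hit = sorted(set(re.findall(r"[A-Za-z_]\w*", ic.group(1))) & RULE_ATTRS)
        if hit:
            findings.append((m.group(1), hit))
    return findings

# Constructed sample modelled on the snippets quoted in the thread.
SAMPLE = '''
resource "aws_security_group" "xymon" {
  ingress {
    cidr_blocks = var.xymon_clients_cidr
  }
  lifecycle {
    ignore_changes = [ingress]
  }
}
resource "aws_security_group" "web" {
  lifecycle { ignore_changes = [tags] }
}
'''
```

The brace matching is deliberately simple and does not account for braces inside HCL comments. Running `masked_rule_changes` over each `.tf` file in a repository surfaces the groups whose rule changes Terraform will silently skip.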