HashiCorp Discuss

Terraform plan shows no updates after adding extra value to CIDR_BLOCKS variable for ingress rule

Terraform Providers AWS

wizzard99 November 2, 2022, 4:17pm 1

I have a rule for a security group that includes the following code.

ingress {
  description = "1984 from xymon client"
  from_port   = local.xymon_port
  to_port     = local.xymon_port
  protocol    = local.tcp_proto
 cidr_blocks = var.xymon_clients_cidr

The variable just contains a number of CIDR ranges coded as
“xxx.xxx.xxx.0/24”, “xxx.xxx.xxx.0/24” etc
When I add an extra CIDR range to the variable and run Terraform Plan it comes up with

No changes. Your infrastructure matches the configuration.

The only way I can apply the change is to manually update it on AWS and then run
terraform apply -refresh-only

Is their a better way I can code this so it will recognise the updates?

gstotts November 3, 2022, 9:28pm 2

Are there any lifecycle rules set with this security group’s terraform?

Is your variable set as a list including the [ ] characters around your CIDR blocks?

wizzard99 November 4, 2022, 7:24am 3

It appears this was an ID 10 T error. There was a lifecycle rule and in there was a single line saying


  ignore_changes        = [ingress]

I didn’t originally write this code and I just hadn’t scrolled down far enough to see this bit.

gstotts November 4, 2022, 1:46pm 4

No worries - glad you found it @wizzard99