Using the imported resources to create new ones

AS011 · March 13, 2023, 6:00pm

Hi
I have imported few sets of security groups from my AWS Account and after importing when I am trying use those resources for creating new security I am getting error cannot find resource .

locals.tf

    sg_worker_node_groups_five = {
      ingress_rules = []
      egress_rules = [
        {
          from_port = 443
          to_port   = 443
          protocol  = "tcp"
          prefix_list_ids = []
          source_sg_names = ["sg-04exxxxxxxxxxxx"]
        },
      ]
      cidr_egress_rules = []
    }

I have tried referring the source_sg_names using data and output but still it does not works . Am i missing something here ?

AS011 · March 13, 2023, 6:38pm

Please help here . I am stuck here since long time .

maxb · March 13, 2023, 6:54pm

There is far too little information here for anyone to be able to help.

You need to be showing the actual parts of your Terraform code that don’t work, as well as actual error messages.

All you’ve provided above is very loose descriptions of roughly what you’re doing, and a tiny part of static data that is not really relevant to the question you are asking.

AS011 · March 13, 2023, 7:08pm

Here goes the detailed code

resource "aws_security_group" "my-sg" {
       description            = "SG for MY WORK" 
       egress                 = []
       ingress                = [
          {
              cidr_blocks      = []
              description      = ""
              from_port        = 443
              ipv6_cidr_blocks = []
              prefix_list_ids  = []
              protocol         = "tcp"
              security_groups  = [
                  "sg-0zxyqaqhybqydv318h",
                ]
              self             = false
              to_port          = 443
            },
          {
              cidr_blocks      = []
              description      = ""
              from_port        = 443
              ipv6_cidr_blocks = []
              prefix_list_ids  = []
              protocol         = "tcp"
              security_groups  = [
                  "sg-12345678901212",
                ]
              self             = false
              to_port          = 443
            },
          {
              cidr_blocks      = []
              description      = ""
              from_port        = 443
              ipv6_cidr_blocks = []
              prefix_list_ids  = []
              protocol         = "tcp"
              security_groups  = [
                  "sg-1234535",
                ]
              self             = false
              to_port          = 443
            },
        ]
       name                   = "name-sg"
       revoke_rules_on_delete = false
      tags                   = {}
       tags_all               = {}
       vpc_id                 = "vpc-12345"
}

This is imported sg which i have imported in state file using terraform import command

Now I am creating a new SG :

    sg_worker_node_groups_five = {
      ingress_rules = []
      egress_rules = [
        {
          from_port = 443
          to_port   = 443
          protocol  = "tcp"
          prefix_list_ids = []
          source_sg_names = [data.aws_security_group.imported_sg.id]
        },
      ]
      cidr_egress_rules = []
    }

The above one is my configuration in locals.tf

And my data.tf looks like this

data "aws_security_group" "imported_sg" {
  id = "sg-12aman12324"
}

My code for creating security group goes like this

resource "aws_security_group_rule" "eks_worker_node_groups_five_ingress_rules" {
  count                    = var.create_sg_eks_worker_node_groups_five == true ? length(local.eks_worker_node_groups_five_ingress_rules) : 0
  type                     = "ingress"
  from_port                = local.eks_worker_node_groups_five_ingress_rules[count.index].from_port
  to_port                  = local.eks_worker_node_groups_five_ingress_rules[count.index].to_port
  protocol                 = local.eks_worker_node_groups_five_ingress_rules[count.index].protocol
  source_security_group_id = local.eks_worker_node_groups_five_ingress_rules[count.index].source_security_group_id
  description              = local.eks_worker_node_groups_five_ingress_rules[count.index].description
  security_group_id        = aws_security_group.eks_worker_node_groups_five[0].id
}


resource "aws_security_group_rule" "eks_worker_node_groups_five_egress_rules" {
  count                    = var.create_sg_eks_worker_node_groups_five == true ? length(local.eks_worker_node_groups_five_egress_rules) : 0
  type                     = "egress"
  from_port                = local.eks_worker_node_groups_five_egress_rules[count.index].from_port
  to_port                  = local.eks_worker_node_groups_five_egress_rules[count.index].to_port
  protocol                 = local.eks_worker_node_groups_five_egress_rules[count.index].protocol
  source_security_group_id = local.eks_worker_node_groups_five_egress_rules[count.index].source_security_group_id
  description              = local.eks_worker_node_groups_five_egress_rules[count.index].description
  security_group_id        = aws_security_group.eks_worker_node_groups_five[0].id
}

resource "aws_security_group_rule" "eks_worker_node_groups_five_cidr_egress_rules" {
  count             = var.create_sg_eks_worker_node_groups_five == true ? length(local.eks_worker_node_groups_five_cidr_egress_rules) : 0
  type              = "egress"
  from_port         = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].from_port
  to_port           = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].to_port
  protocol          = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].protocol
  cidr_blocks       = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].cidr_blocks
  description       = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].description
  security_group_id = aws_security_group.eks_worker_node_groups_five[0].id
}


resource "null_resource" "eks_worker_node_groups_five_sg_dependency_setter" {
  depends_on = [
    "aws_security_group.eks_worker_node_groups_five",
  ]
}

AS011 · March 13, 2023, 7:10pm

While using the above code i am facing the below error

│ Error: waiting for Security Group (sg-xyz) Rule (sgrule-12342r2d) create: couldn't find resource
│
│   with module.security-group.aws_security_group_rule.eks_worker_node_groups_five_egress_rules[0],
│   on ../../../../../modules/aws/security-group/main.tf line 1006, in resource "aws_security_group_rule" "eks_worker_node_groups_five_egress_rules":
│ 1006: resource "aws_security_group_rule" "eks_worker_node_groups_five_egress_rules" {

maxb · March 13, 2023, 7:17pm

You seem to be suggesting you have both a resource and a data block for your “imported” security group. This doesn’t make sense.

?

maxb · March 13, 2023, 7:20pm

Also, none of the names you’ve used in the first part of the post show up in the code in the second part of your post, defining the aws_security_group_rule resources.

As a result, I have no idea how these parts connect.

AS011 · March 13, 2023, 7:45pm

Umm probably not able to put my code properly . Where can i share a small sample of my code with all directory structure .

maxb · March 13, 2023, 7:49pm

I suggest creating a repository on GitHub and using that to show your code.

AS011 · March 13, 2023, 7:58pm

https://github.com/AS011/tfx-cell

Have added you to this repo .

maxb · March 13, 2023, 11:44pm

I’m pretty sure your direct issue is that you are mixing up security group IDs and names, by passing an ID where a name is expected.

Beyond that, there’s also the point I mentioned earlier - that it’s generally not right to have both data and resource blocks referring to the same underlying thing (the security group you imported).

What you’ve shared of your code also seems really complicated - I wonder if you’re causing problems for yourself by just having too many layers of abstraction.