AS011
March 13, 2023, 6:00pm
1
Hi
I have imported a few sets of security groups from my AWS account, and after importing, when I am trying to use those resources for creating a new security group, I am getting the error "cannot find resource".
locals.tf:
    sg_worker_node_groups_five = {
      ingress_rules = []
      egress_rules = [
        {
          from_port       = 443
          to_port         = 443
          protocol        = "tcp"
          prefix_list_ids = []
          source_sg_names = ["sg-04exxxxxxxxxxxx"]
        },
      ]
      cidr_egress_rules = []
    }
I have tried referring to the source_sg_names using data and output, but it still does not work. Am I missing something here?
AS011
March 13, 2023, 6:38pm
2
Please help here. I have been stuck on this for a long time.
maxb
March 13, 2023, 6:54pm
3
There is far too little information here for anyone to be able to help.
You need to be showing the actual parts of your Terraform code that don’t work, as well as actual error messages.
All you’ve provided above are very loose descriptions of roughly what you’re doing, and a tiny part of static data that is not really relevant to the question you are asking.
AS011
March 13, 2023, 7:08pm
4
Here goes the detailed code:
    resource "aws_security_group" "my-sg" {
      description = "SG for MY WORK"
      egress      = []
      ingress = [
        {
          cidr_blocks      = []
          description      = ""
          from_port        = 443
          ipv6_cidr_blocks = []
          prefix_list_ids  = []
          protocol         = "tcp"
          security_groups = [
            "sg-0zxyqaqhybqydv318h",
          ]
          self    = false
          to_port = 443
        },
        {
          cidr_blocks      = []
          description      = ""
          from_port        = 443
          ipv6_cidr_blocks = []
          prefix_list_ids  = []
          protocol         = "tcp"
          security_groups = [
            "sg-12345678901212",
          ]
          self    = false
          to_port = 443
        },
        {
          cidr_blocks      = []
          description      = ""
          from_port        = 443
          ipv6_cidr_blocks = []
          prefix_list_ids  = []
          protocol         = "tcp"
          security_groups = [
            "sg-1234535",
          ]
          self    = false
          to_port = 443
        },
      ]
      name                   = "name-sg"
      revoke_rules_on_delete = false
      tags                   = {}
      tags_all               = {}
      vpc_id                 = "vpc-12345"
    }
This is the imported SG, which I imported into the state file using the terraform import command.
Now I am creating a new SG:
    sg_worker_node_groups_five = {
      ingress_rules = []
      egress_rules = [
        {
          from_port       = 443
          to_port         = 443
          protocol        = "tcp"
          prefix_list_ids = []
          source_sg_names = [data.aws_security_group.imported_sg.id]
        },
      ]
      cidr_egress_rules = []
    }
The above is my configuration in locals.tf.
And my data.tf looks like this:
    data "aws_security_group" "imported_sg" {
      id = "sg-12aman12324"
    }
My code for creating the security group rules goes like this:
    resource "aws_security_group_rule" "eks_worker_node_groups_five_ingress_rules" {
      count                    = var.create_sg_eks_worker_node_groups_five == true ? length(local.eks_worker_node_groups_five_ingress_rules) : 0
      type                     = "ingress"
      from_port                = local.eks_worker_node_groups_five_ingress_rules[count.index].from_port
      to_port                  = local.eks_worker_node_groups_five_ingress_rules[count.index].to_port
      protocol                 = local.eks_worker_node_groups_five_ingress_rules[count.index].protocol
      source_security_group_id = local.eks_worker_node_groups_five_ingress_rules[count.index].source_security_group_id
      description              = local.eks_worker_node_groups_five_ingress_rules[count.index].description
      security_group_id        = aws_security_group.eks_worker_node_groups_five[0].id
    }

    resource "aws_security_group_rule" "eks_worker_node_groups_five_egress_rules" {
      count                    = var.create_sg_eks_worker_node_groups_five == true ? length(local.eks_worker_node_groups_five_egress_rules) : 0
      type                     = "egress"
      from_port                = local.eks_worker_node_groups_five_egress_rules[count.index].from_port
      to_port                  = local.eks_worker_node_groups_five_egress_rules[count.index].to_port
      protocol                 = local.eks_worker_node_groups_five_egress_rules[count.index].protocol
      source_security_group_id = local.eks_worker_node_groups_five_egress_rules[count.index].source_security_group_id
      description              = local.eks_worker_node_groups_five_egress_rules[count.index].description
      security_group_id        = aws_security_group.eks_worker_node_groups_five[0].id
    }

    resource "aws_security_group_rule" "eks_worker_node_groups_five_cidr_egress_rules" {
      count             = var.create_sg_eks_worker_node_groups_five == true ? length(local.eks_worker_node_groups_five_cidr_egress_rules) : 0
      type              = "egress"
      from_port         = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].from_port
      to_port           = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].to_port
      protocol          = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].protocol
      cidr_blocks       = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].cidr_blocks
      description       = local.eks_worker_node_groups_five_cidr_egress_rules[count.index].description
      security_group_id = aws_security_group.eks_worker_node_groups_five[0].id
    }

    resource "null_resource" "eks_worker_node_groups_five_sg_dependency_setter" {
      depends_on = [
        "aws_security_group.eks_worker_node_groups_five",
      ]
    }
AS011
March 13, 2023, 7:10pm
5
While using the above code I am facing the below error:
│ Error: waiting for Security Group (sg-xyz) Rule (sgrule-12342r2d) create: couldn't find resource
│
│ with module.security-group.aws_security_group_rule.eks_worker_node_groups_five_egress_rules[0],
│ on ../../../../../modules/aws/security-group/main.tf line 1006, in resource "aws_security_group_rule" "eks_worker_node_groups_five_egress_rules":
│ 1006: resource "aws_security_group_rule" "eks_worker_node_groups_five_egress_rules" {
maxb
March 13, 2023, 7:17pm
6
You seem to be suggesting you have both a resource and a data block for your “imported” security group. This doesn’t make sense.
maxb
March 13, 2023, 7:20pm
7
Also, none of the names you’ve used in the first part of the post show up in the code in the second part of your post, defining the aws_security_group_rule resources.
As a result, I have no idea how these parts connect.
AS011
March 13, 2023, 7:45pm
8
Umm, probably I was not able to put my code properly. Where can I share a small sample of my code with the whole directory structure?
maxb
March 13, 2023, 7:49pm
9
I suggest creating a repository on GitHub and using that to show your code.
AS011
March 13, 2023, 7:58pm
10
maxb
March 13, 2023, 11:44pm
11
I’m pretty sure your direct issue is that you are mixing up security group IDs and names, by passing an ID where a name is expected.
Beyond that, there’s also the point I mentioned earlier - that it’s generally not right to have both data and resource blocks referring to the same underlying thing (the security group you imported).
What you’ve shared of your code also seems really complicated - I wonder if you’re causing problems for yourself by just having too many layers of abstraction.
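The shape maxb is describing, as an added example that is not part of any post in this thread: the imported group exists only as a resource block (the address that terraform import bound it to), there is no data "aws_security_group" block for the same group, and the new group's rules reference that resource's id attribute, because aws_security_group_rule's source_security_group_id takes a group ID, not a name. The resource names, the var.vpc_id variable and the rule label are assumptions; the imported block is abbreviated and would in practice keep the inline ingress rules that the import brought into state.

```hcl
# Added example, not code from the thread. Assumes the imported group was
# bound to this address with: terraform import aws_security_group.imported <sg-id>
# No data "aws_security_group" block is needed for it; the resource address
# is already the single name Terraform tracks for that group.
resource "aws_security_group" "imported" {
  name        = "name-sg"        # must match the existing group, or plan shows a replacement
  description = "SG for MY WORK"
  vpc_id      = var.vpc_id       # assumption: VPC ID supplied as a variable
  # inline ingress/egress as imported would stay here, omitted for brevity
}

# The new group whose rules point at the imported one.
resource "aws_security_group" "eks_worker_node_groups_five" {
  name        = "eks-worker-node-groups-five" # assumed name
  description = "Worker node group SG; rules reference the imported group by ID"
  vpc_id      = var.vpc_id
}

locals {
  # Rules keyed by a stable label so adding or removing one rule does not
  # renumber the others (count-based indexing would). The peer group is
  # carried as an *ID* read from the resource attribute, never a hard-coded
  # string and never a name, which is what aws_security_group_rule expects.
  eks_worker_node_groups_five_egress_rules = {
    https_to_imported = {
      from_port                = 443
      to_port                  = 443
      protocol                 = "tcp"
      source_security_group_id = aws_security_group.imported.id
      description              = "HTTPS to the imported group"
    }
  }
}

resource "aws_security_group_rule" "eks_worker_node_groups_five_egress_rules" {
  for_each = local.eks_worker_node_groups_five_egress_rules

  type              = "egress"
  security_group_id = aws_security_group.eks_worker_node_groups_five.id

  from_port                = each.value.from_port
  to_port                  = each.value.to_port
  protocol                 = each.value.protocol
  source_security_group_id = each.value.source_security_group_id
  description              = each.value.description
}
```

Before adding the rules, `terraform state list` should show exactly one address for the imported group and `terraform plan` should report no changes to it; if the plan wants to replace it, the resource block does not yet match what was imported. Because the rule reads `aws_security_group.imported.id` directly, Terraform orders the rule after both groups on its own, so no null_resource dependency setter is needed.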