terraform-aws-elasticsearch

security_groups ignored

Open holisticode opened this issue 5 years ago • 8 comments

Describe the Bug

Whatever is in security_groups seems to be ignored

Expected Behavior

Security groups specified in security_groups should be applied

Steps to Reproduce

security_groups = [aws_security_group.my_group1.id, aws_security_group.my_group2.id]

Screenshots

Output of terraform plan:

 ~ vpc_options {
            availability_zones = [
               <LIST>
            ]
          ~ security_group_ids = [
              - "sg-<my_group1.id>",
              - "sg-<my_group2.id>",
                "sg-<generated-group.id>",
              - "sg-<manually_added_group.id>",
            ]

In the above output, terraform is again trying to remove the groups I have manually added to the ES domain configuration via the AWS Web UI because in a previous run they did NOT get applied.

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

  • OS: ubuntu on AWS
  • Version 18.04

holisticode avatar Jul 22 '20 21:07 holisticode

I'm experiencing the same issue. I created everything via the Terraform CLI, so it could not be a conflict with Terraform state. I think it's a bug.

etessari avatar Feb 05 '21 15:02 etessari

Yup, me too. I tried to add more security groups, but they are still not applied.

devops-nfq avatar May 26 '21 06:05 devops-nfq

Same issue.

king131 avatar Jun 09 '21 02:06 king131

I found that in .terraform/modules/elasticsearch/main.tf, line 164, the code security_group_ids = [join("", aws_security_group.default.*.id)] did not add any of the security_group content which we add in the parent module.

So I added my security group ID here manually. It's working. Like this: security_group_ids = [join("", aws_security_group.default.*.id),"sg-xxxxxxxx"]

king131 avatar Jun 09 '21 03:06 king131

Same issue.

lbrulet avatar Jul 07 '21 15:07 lbrulet

The security_groups configuration option refers to the security groups that have access to the cluster's security group. This is an excerpt of a plan:

  + resource "aws_security_group_rule" "ingress_security_groups" {
      + description              = "Allow inbound traffic from Security Groups"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = "sg-AAAAAAA"
      + to_port                  = 65535
      + type                     = "ingress"
    }

Each specified SG will create a new ingress rule.

lgiuliani-mwb avatar Nov 17 '21 13:11 lgiuliani-mwb
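
The two meanings discussed in this thread, written with plain AWS provider resources as an added example (not the module's code and not from any commenter): a group used as the source of an ingress rule versus a group attached to the domain through vpc_options. Resource names, variables and domain settings are constructed.

```hcl
# Added illustration; names, variables and domain settings are constructed.
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }

# Security group of a client that needs to reach the domain.
resource "aws_security_group" "client" {
  name   = "es-client"
  vpc_id = var.vpc_id
}

# Group attached to the domain itself. It stands in for the module's
# generated group (aws_security_group.default in the thread).
resource "aws_security_group" "domain" {
  name   = "es-domain"
  vpc_id = var.vpc_id
}

# Meaning described in the comment above: the client group is only the
# SOURCE of an ingress rule on the domain's group (ports as in the plan).
resource "aws_security_group_rule" "ingress_security_groups" {
  description              = "Allow inbound traffic from Security Groups"
  type                     = "ingress"
  from_port                = 0
  to_port                  = 65535
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.client.id
  security_group_id        = aws_security_group.domain.id
}

resource "aws_elasticsearch_domain" "example" {
  domain_name           = "example"
  elasticsearch_version = "7.10"

  cluster_config {
    instance_type = "t3.small.elasticsearch"
  }
  ebs_options {
    ebs_enabled = true
    volume_size = 10
  }
  vpc_options {
    subnet_ids = [var.subnet_id]
    # Only groups listed here are attached to the domain. Terraform plans
    # the removal of any other group, such as one added in the console.
    security_group_ids = [aws_security_group.domain.id]
  }
}
```

In this configuration the client group never appears in security_group_ids, which matches the plan output in the original report: groups added outside Terraform show up as removals on the next plan.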

Experiencing the same issue. Not able to attach security groups I have defined myself.

If you add security groups manually in the console, they will be overwritten whenever you run terraform apply. This completely breaks this module for anyone who would like to define separate security groups.

vegarab avatar Mar 15 '22 13:03 vegarab

Hello, I have the same issue. @bgottlob, thank you for your PR! Do you have any update on it?

ycointe avatar Aug 29 '22 10:08 ycointe

@osterman any update on this? Can we escalate?

acmitch avatar Jan 14 '23 02:01 acmitch