terraform-aws-atlantis

Error with EFS security group if using existing VPC

Open bodgit opened this issue 3 years ago • 7 comments

Description

If using an existing VPC rather than let this module create it, it now generates this error:

│ Error: "" is not a valid CIDR block: invalid CIDR address: 
│ 
│   with module.atlantis.module.efs_sg[0].module.sg.aws_security_group_rule.ingress_rules[0],
│   on .terraform/modules/atlantis.efs_sg/main.tf line 70, in resource "aws_security_group_rule" "ingress_rules":
│   70:   cidr_blocks      = var.ingress_cidr_blocks
│ 
╵

This is due to this line: https://github.com/terraform-aws-modules/terraform-aws-atlantis/blob/2df6bd6d5350d38e42ad9c63103c642f60293a43/main.tf#L382

var.cidr doesn't need to be set if you have the VPC already created and are passing it in with var.vpc_id.

Versions

  • Terraform: 1.1.3
  • Provider(s): aws 3.74.2
  • Module: 3.12.0

Reproduction

Steps to reproduce the behavior:

Code Snippet to Reproduce

Use this module with the vpc_id parameter to use an existing VPC.

Expected behavior

It shouldn't be erroring, possibly should be using a datasource to get the CIDR block associated with the VPC referenced by var.vpc_id.

Actual behavior

See above.

bodgit, Feb 14 '22 14:02
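The data-source lookup suggested under "Expected behavior", as an added example that is not the module's own code and not the contents of any commit referenced in this thread. The variable, local and resource names are hypothetical. It falls back to the VPC's CIDR when `cidr` is left empty and restricts the EFS rule to NFS (TCP 2049) from inside the VPC.

```hcl
# Added example: hypothetical names, not the terraform-aws-atlantis module's code.
variable "vpc_id" {
  description = "ID of the existing VPC"
  type        = string
}

variable "cidr" {
  description = "Optional override; leave empty to use the CIDR of the existing VPC"
  type        = string
  default     = ""

  validation {
    # Reject malformed input at plan time instead of at the security group rule.
    condition     = var.cidr == "" || can(cidrhost(var.cidr, 0))
    error_message = "The cidr value must be empty or a valid CIDR block such as 10.0.0.0/16."
  }
}

# Look up the existing VPC so its CIDR does not have to be passed in by hand.
data "aws_vpc" "selected" {
  id = var.vpc_id
}

locals {
  # An empty string must never reach cidr_blocks; that is what produces
  # the '"" is not a valid CIDR block' error shown in this issue.
  efs_ingress_cidr = var.cidr != "" ? var.cidr : data.aws_vpc.selected.cidr_block
}

resource "aws_security_group" "efs" {
  name_prefix = "efs-example-"
  description = "NFS access to EFS from inside the VPC only"
  vpc_id      = data.aws_vpc.selected.id
}

resource "aws_security_group_rule" "efs_nfs_ingress" {
  type              = "ingress"
  description       = "NFS from the VPC CIDR"
  from_port         = 2049
  to_port           = 2049
  protocol          = "tcp"
  cidr_blocks       = [local.efs_ingress_cidr]
  security_group_id = aws_security_group.efs.id
}
```

`data.aws_vpc.selected.cidr_block` is the VPC's primary CIDR only; clients in subnets carved from a secondary CIDR association would need those ranges added to the rule explicitly.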

https://github.com/terraform-aws-modules/terraform-aws-atlantis/blob/2df6bd6d5350d38e42ad9c63103c642f60293a43/variables.tf#L62-L66

The description is not correct, when you pass a vpc_id you still need to set var.cidr as var.enable_ephemeral_storage defaults to false.

aairey, Feb 22 '22 22:02

@aairey so I should give the cidr block of my existing vpc?

dgokcin, Apr 02 '22 12:04

Yes, but things might've changed now in the latest release. Haven't tried it yet.

aairey, Apr 02 '22 15:04

> Yes, but things might've changed now in the latest release. Haven't tried it yet.

It still does not work. There should be no need to specify the VPC CIDR block if you are specifying the vpc_id. The terraform should just look it up if it needs it.

llamahunter, Apr 06 '22 23:04

@bodgit I've updated version v3.15.0 with changes you've made on this commit 54bd2d9 and was able to solve the cidr sg issue. Thanks

asantos-fuze, May 03 '22 13:05

We are still having this same issue.

bryancusatis, May 25 '22 00:05

@bryancusatis Apply the changes on commit 54bd2d9 made by @bodgit. This should solve the issue

asantos-fuze, May 25 '22 09:05

I have the same issue.

Will commit https://github.com/bodgit/terraform-aws-atlantis/commit/54bd2d9a043e0e82937aa1ba724e8a08677d3acf not be merged into this repository ......? Shall I create a PR with the same one?

chroju, Oct 18 '22 02:10

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot], Dec 02 '22 02:12