Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Terraform: Inappropriate value for attribute "ingress" while creating SG

I'm creating a Security group using terraform, and when I'm running terraform plan. It is giving me an error like some fields are required, and all those fields are optional.

Terraform Version: v1.0.5

AWS Provider version: v3.57.0

main.tf

resource "aws_security_group" "sg_oregon" {
  name        = "tf-sg"
  description = "Allow web traffics"
  vpc_id      = aws_vpc.vpc_terraform.id

  ingress = [
    {
      description      = "HTTP"
      from_port        = 80
      to_port          = 80
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]  
    },
  {
      description      = "HTTPS"
      from_port        = 443
      to_port          = 443
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]  
  },

    {
      description      = "SSH"
      from_port        = 22
      to_port          = 22
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]  
    }
  ]


  egress = [
    {
      description      = "for all outgoing traffics"
      from_port        = 0
      to_port          = 0
      protocol         = "-1"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
      
    }
  ]

  tags = {
    Name = "sg-for-subnet"
  }
}

error in console

│ Inappropriate value for attribute "ingress": element 0: attributes "ipv6_cidr_blocks", "prefix_list_ids", "security_groups", and "self" are required.

│ Inappropriate value for attribute "egress": element 0: attributes "prefix_list_ids", "security_groups", and "self" are required.

I'm following this doc: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group

Any help would be appreciated.

like image 411
Abhishek Kumar Avatar asked Sep 06 '21 20:09

Abhishek Kumar


People also ask

Can a security group have ingress and egress rules in TerraForm?

Terraform currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule ...

What is the difference between computed and non-computed values in TerraForm?

Terraform 0.11 has a limitation which does not allow computed values inside count attribute on resources (issues: #16712, #18015, …) Computed values are values provided as outputs from module. Non-computed values are all others - static values, values referenced as variable and from data-sources.

What arguments does terraform support in AWS?

This module aims to implement ALL combinations of arguments supported by AWS and latest stable version of Terraform: VPC endpoint prefix lists (use data source aws_prefix_list) Named groups of rules with ingress (inbound) and egress (outbound) ports open for common scenarios (eg, ssh, http-80, mysql, see the whole list here)

What version of TerraForm do I use?

For Terraform 0.13 or later use any version from v4.5.0 of this module or newer. For Terraform 0.12 use any version from v3.* to v4.4.0. If you are using Terraform 0.11 you can use versions v2.*. There are two ways to create security groups using this module:


1 Answers

Since you are using Attributes as Blocks you have to provide values for all options:

resource "aws_security_group" "sg_oregon" {
  name        = "tf-sg"
  description = "Allow web traffics"
  vpc_id      = aws_vpc.vpc_terraform.id

  ingress = [
    {
      description      = "HTTP"
      from_port        = 80
      to_port          = 80
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]  
      ipv6_cidr_blocks = []
      prefix_list_ids = []
      security_groups = []
      self = false
    },
  {
      description      = "HTTPS"
      from_port        = 443
      to_port          = 443
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]  
      ipv6_cidr_blocks = []
      prefix_list_ids = []
      security_groups = []
      self = false      
  },

    {
      description      = "SSH"
      from_port        = 22
      to_port          = 22
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]  
      ipv6_cidr_blocks = []
      prefix_list_ids = []
      security_groups = []
      self = false      
    }
  ]


  egress = [
    {
      description      = "for all outgoing traffics"
      from_port        = 0
      to_port          = 0
      protocol         = "-1"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
      prefix_list_ids = []
      security_groups = []
      self = false
    }
  ]

  tags = {
    Name = "sg-for-subnet"
  }
}
like image 57
Marcin Avatar answered Sep 20 '22 16:09

Marcin