Terraform plan wants to destroy security groups after importing them with terraform import

Tags: amazon-web-services, terraform

This occurs for me in versions 0.9.4 and 0.10.4.

I imported a list of AWS security groups using Terraform's import command as follows:

terraform import aws_security_group.production_servers sg-xxxxxxx

When I do:

terraform plan aws_security_group.production_servers

everything is fine, but when I do a general plan:

terraform plan

it lists these resources for destruction:

- aws_security_group_rule.load_balancer_1
- aws_security_group_rule.load_balancer_1-1
- aws_security_group_rule.load_balancer_1-2
- aws_security_group_rule.load_balancer_1-3
- aws_security_group_rule.production_servers
- aws_security_group_rule.production_servers-1
- aws_security_group_rule.production_servers-2
- aws_security_group_rule.production_servers-3
- aws_security_group_rule.production_services_access
- aws_security_group_rule.production_services_access-1
- aws_security_group_rule.production_services_access-2

Some aws_security_group_rule resources (persisted in my .tfstate file) are going to be deleted.

I'm declaring the security groups using aws_security_group with ingress and egress blocks per rule. I'm not sure whether I should declare those aws_security_group_rule resources because of this.

I'm not sure what I'm missing; any guidance would be appreciated.

Thanks.

Best Answer

So the import for network ACLs and security groups breaks things out like this:

resource "aws_security_group" "production_servers" {}
resource "aws_security_group_rule" "production_servers-1" {}
resource "aws_security_group_rule" "production_servers" {}

You mentioned you had all the rules in the aws_security_group, which is perfectly fine. I prefer them outside, since it's more readable if you make a rule change and have 10-15 rules in a group.

So what's going on is that Terraform wrote a blank aws_security_group with no rules and has a bunch of external aws_security_group_rule resources in the state file, which is different from your TF config.

So on a plan it'll say it needs to destroy these, and then it will create them in the resource itself.

You might get a minor blip of no security group rules, but in the end it'll clean up on an apply. Just look at the plan for your aws_security_group; I would bet all your rules are listed in there.
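As an added example (not code from the question or the answer), this is a security group written in the same shape that `terraform import` leaves in state, an empty aws_security_group plus one aws_security_group_rule per rule, so the plan proposes no destroys and the group is never left without rules mid-apply. The VPC id, ports, CIDR and the reference to an existing load_balancer_1 group are assumed placeholders, and the "${...}" interpolation matches the 0.9/0.10 syntax used in the question.

```hcl
# Added example: config that matches what import puts in state.
# Values marked "placeholder" are assumptions, not from the page.

resource "aws_security_group" "production_servers" {
  name        = "production-servers"
  description = "Production application servers"
  vpc_id      = "vpc-xxxxxxxx" # placeholder

  # No inline ingress/egress blocks here. Mixing inline rules with
  # standalone aws_security_group_rule resources for the same group
  # makes every plan try to destroy one form and recreate the other.
}

# Ingress: HTTPS only from the load balancer's group, not from 0.0.0.0/0.
# Assumes an aws_security_group.load_balancer_1 exists in this config.
resource "aws_security_group_rule" "production_servers" {
  type                     = "ingress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  security_group_id        = "${aws_security_group.production_servers.id}"
  source_security_group_id = "${aws_security_group.load_balancer_1.id}"
}

# Ingress: SSH restricted to an internal management range (placeholder CIDR).
resource "aws_security_group_rule" "production_servers-1" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  security_group_id = "${aws_security_group.production_servers.id}"
  cidr_blocks       = ["10.0.100.0/24"] # placeholder
}

# Egress must be declared explicitly: Terraform removes AWS's default
# allow-all egress rule on an aws_security_group it manages.
resource "aws_security_group_rule" "production_servers-2" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  security_group_id = "${aws_security_group.production_servers.id}"
  cidr_blocks       = ["0.0.0.0/0"]
}
```

Before applying, compare the rule resources in this config against the imported state with `terraform plan` and `terraform show`; a plan that still shows `-` lines for aws_security_group_rule means a rule in state has no matching resource block yet.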
