Occurs to me in version 0.9.4 and 0.10.4
I imported a list of AWS security groups using Terraform's import command as follows:
terraform import aws_security_group.production_servers sg-xxxxxxx
When I do:
terraform plan aws_security_group.production_servers
everything is fine but when I do a general plan:
terraform plan
- aws_security_group_rule.load_balancer_1
- aws_security_group_rule.load_balancer_1-1
- aws_security_group_rule.load_balancer_1-2
- aws_security_group_rule.load_balancer_1-3
- aws_security_group_rule.production_servers
- aws_security_group_rule.production_servers-1
- aws_security_group_rule.production_servers-2
- aws_security_group_rule.production_servers-3
- aws_security_group_rule.production_services_access
- aws_security_group_rule.production_services_access-1
- aws_security_group_rule.production_services_access-2
Some aws_security_group_rule resources (persisted in my .tfstate file) are going to be deleted.
I'm declaring the security groups using aws_security_group with ingress and egress per rule. Not sure whether to declare those aws_security_group_rule resources because of this.
Not sure what I'm missing, any guidance would be appreciated.
Thanks.
Best Answer
So the import for network ACL and security group breaks things out like
You mentioned you had all the rules in the aws_security_group, which is perfectly fine. I prefer them outside since it's more readable if you make a rule change and have like 10-15 rules in a group.
So what's going on is Terraform wrote a blank aws_security_group with no rules and has a bunch of external aws_security_group_rule resources in the state file, which is different than your TF config. So on a plan it'll say I need to destroy these and then it will create them in the resource itself.
You might get a minor blip of no security group rules but in the end it'll clean up on an apply. Just look at the plan for your aws_security_group; I would bet all your rules are listed in there.
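The two layouts the answer contrasts, as an added example that is not code from the question or the answer: inline rules in the group (the asker's config) versus a bare group plus standalone aws_security_group_rule resources (what import wrote to state). The group name, VPC variable and CIDRs are placeholders assumed for illustration.

```hcl
# Added example; names, variable and CIDRs are placeholders.
variable "vpc_id" {}

# Layout A: rules inline in the group, as in the question's config.
resource "aws_security_group" "production_servers" {
  name   = "production-servers"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Layout B: what `terraform import` puts in state, a group with no inline
# rules and one aws_security_group_rule per rule. Pick one layout per group;
# if the config uses A while state holds B, every plan proposes deleting the
# standalone rules and recreating them inside the group.
resource "aws_security_group" "production_servers_standalone" {
  name   = "production-servers-standalone"
  vpc_id = var.vpc_id
}

resource "aws_security_group_rule" "production_servers_https_in" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/16"]
  security_group_id = aws_security_group.production_servers_standalone.id
}

resource "aws_security_group_rule" "production_servers_all_out" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.production_servers_standalone.id
}
```

Review the plan for the aws_security_group resource before applying: if the inline ingress/egress blocks it will create match the aws_security_group_rule resources it will destroy, the resulting rule set is unchanged apart from the brief gap the answer mentions.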