Terraform-provider-aws: No way to add one simple public IP into aws security group with specific CIDR via Variable

Created on 22 Feb 2018  ·  4 Comments  ·  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @ranvijayj as hashicorp/terraform#17414. It was migrated here as a result of the provider split. The original body of the issue is below._


Terraform Version

0.11


Terraform Configuration Files

resource "aws_security_group_rule" "mongo" {
  type            = "ingress"
  from_port       = 27017
  to_port         = 27017
  protocol        = "tcp"
  cidr_blocks     = ["instance_publicIP/32"]
  security_group_id = "sg-58995220"
}


The above is what I want 

In CIDR block value I tried:
variable "bits" { default = "32" }

 cidr_blocks     = ["${module.frontend_api.instance_public_ip}/${var.bits}"] 


${module.frontend_api.instance_public_ip} does give the public IP, but when I try the above it says not valid.

Debug Output

Crash Output


not valid CIDR etc.

Expected Behavior


Don't know if there is a way to add a specific CIDR.

An entry in Security group like ingress >> port 27017 IP: X.Y.A.B/32

Actual Behavior

Failed... Tried many ways.

Steps to Reproduce

Just create a Security group via terraform
ter plan
ter apply

Additional Context

References

Labels: question, service/ec2

All 4 comments

Can you provide the exact terraform output please?

Can't reproduce

  • Terraform v0.11.7
  • provider.aws v1.24
provider "aws" {
  max_retries = 3
  region      = "eu-central-1"
  profile     = "devops"
}

data "aws_vpc" "default" {
  default = true
}

data "aws_security_group" "default" {
  vpc_id = "${data.aws_vpc.default.id}"
}

variable "cidr" {
  default = "32"
}

variable "ip" {
  default = "1.2.3.4"
}

resource "aws_security_group_rule" "test" {
  type              = "ingress"
  from_port         = "22"
  to_port           = "22"
  protocol          = "tcp"
  cidr_blocks       = ["${var.ip}/${var.cidr}"]
  security_group_id = "${element(split("/", data.aws_security_group.default.arn),1)}"
}
00:06 n3ph@mag-xps ~/tmp/community_gardening_terraform ✔  terraform apply
data.aws_vpc.default: Refreshing state...
data.aws_security_group.default: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + aws_security_group_rule.test
      id:                       <computed>
      cidr_blocks.#:            "1"
      cidr_blocks.0:            "1.2.3.4/32"
      from_port:                "22"
      protocol:                 "tcp"
      security_group_id:        "sg-7e92ac14"
      self:                     "false"
      source_security_group_id: <computed>
      to_port:                  "22"
      type:                     "ingress"


Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_security_group_rule.test: Creating...
  cidr_blocks.#:            "" => "1"
  cidr_blocks.0:            "" => "1.2.3.4/32"
  from_port:                "" => "22"
  protocol:                 "" => "tcp"
  security_group_id:        "" => "sg-7e92ac14"
  self:                     "" => "false"
  source_security_group_id: "" => "<computed>"
  to_port:                  "" => "22"
  type:                     "" => "ingress"
aws_security_group_rule.test: Creation complete after 1s (ID: sgrule-240805207)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
00:07 n3ph@mag-xps ~/tmp/community_gardening_terraform ✔  
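The reply above shows that `"${var.ip}/${var.cidr}"` interpolates cleanly into `1.2.3.4/32`. When the same pattern produces "not valid CIDR", the string that actually reached `cidr_blocks` is usually the thing to inspect: a placeholder such as `instance_publicIP/32`, or an empty IP that collapses to `/32`. The following is an added example, not code from the issue, the reporter, or the provider. It rebuilds the interpolation in Python with the standard `ipaddress` module and checks each candidate value the way a pre-apply policy check would: it rejects malformed strings, flags `0.0.0.0/0`, and, because the intent here is to admit one instance's public IP, requires a single-host range. The function names `build_cidr` and `check_cidr_blocks` and the sample inputs are constructed for the example.

```python
import ipaddress
from typing import List, Tuple


def build_cidr(ip: str, bits: str = "32") -> str:
    """Compose the string Terraform produces from "${var.ip}/${var.bits}".

    No validation happens here on purpose: this mirrors plain string
    interpolation, so an empty `ip` yields "/32" exactly as Terraform would.
    """
    return f"{ip}/{bits}"


def check_cidr_blocks(
    cidr_blocks: List[str], require_host_only: bool = True
) -> Tuple[List[str], List[str]]:
    """Validate candidate values for a security group rule's cidr_blocks.

    Returns (accepted, problems). `accepted` holds normalised CIDR strings;
    `problems` holds one human-readable reason per rejected entry.
    With require_host_only=True only /32 (or /128 for IPv6) ranges pass,
    which is the least-privilege shape for "allow this one instance".
    """
    accepted: List[str] = []
    problems: List[str] = []
    for raw in cidr_blocks:
        try:
            # strict=False so "1.2.3.4/24" parses (to 1.2.3.0/24) and is then
            # judged on its size rather than reported as unparseable.
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError as exc:
            problems.append(f"{raw!r}: not a valid CIDR ({exc})")
            continue
        if net.prefixlen == 0:
            problems.append(f"{raw!r}: open to every address, not a single host")
            continue
        if require_host_only and net.num_addresses != 1:
            problems.append(
                f"{raw!r}: covers {net.num_addresses} addresses, expected a single host"
            )
            continue
        accepted.append(str(net))
    return accepted, problems


if __name__ == "__main__":
    # Constructed inputs: the working case from the reply, an empty module
    # output, the literal placeholder from the issue, and two ranges that are
    # far broader than "one instance".
    candidates = [
        build_cidr("1.2.3.4"),          # "1.2.3.4/32"  -> accepted
        build_cidr(""),                 # "/32"         -> not a valid CIDR
        "instance_publicIP/32",         # placeholder   -> not a valid CIDR
        "0.0.0.0/0",                    # world-open    -> rejected
        "10.0.0.0/8",                   # too broad     -> rejected
    ]
    ok, bad = check_cidr_blocks(candidates)
    print("accepted:", ok)
    for reason in bad:
        print("rejected:", reason)
```

Running the block prints one accepted entry (`1.2.3.4/32`) and four rejections; the `'/32'` case is the one to look for when a module output is empty at the point the rule is evaluated, since the interpolation itself never fails, only the resulting string does.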

Hi @ranvijayj,
I am going to close this ticket for now as there has not been a response, but feel free to reply below and we can open this back up and try and help you out. Thanks!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
