Terraform: Self referential ingress rules for security groups

Created on 8 Aug 2014 · 6Comments · Source: hashicorp/terraform

Terraform complains if I try to make ingress rules that reference the security group itself.
Example:

example.tf

resource "aws_security_group" "example" {
    name = "example"
    ...
    ingress {
        from_port = 22
        to_port = 22
        protocol = "tcp"
        security_groups = ["${aws_security_group.example.id}"]
    }
}

and the output I get:

Error creating graph: The dependency graph is not valid:

* Cycle: aws_security_group.example

Source

albertrdixon

Most helpful comment

For Google continuity I wanted to note that there is now a "self" parameter on ingress and egress rules that allows this behavior: http://www.terraform.io/docs/providers/aws/r/security_group.html

wazoo on 24 Apr 2015

👍45 🎉10 😄1

All 6 comments

This would be fixed with the new resource types I suggest in https://github.com/hashicorp/terraform/issues/28#issuecomment-51536163.

alekstorm on 8 Aug 2014

Cool, yeah adding ingress and egress types would certainly work. At the least, some mechanism by which security group rules are added to the SG after the SG is created so that the id attribute exists.

albertrdixon on 8 Aug 2014

A certain amount of self-referential variables would actually in theory work (in practice it doesn't right now), but we're not yet looking to support this. I think @alekstorm's suggestion is the best.

mitchellh on 11 Aug 2014

(closing this in favor of just racking on #28)

mitchellh on 11 Aug 2014

For Google continuity I wanted to note that there is now a "self" parameter on ingress and egress rules that allows this behavior: http://www.terraform.io/docs/providers/aws/r/security_group.html

wazoo on 24 Apr 2015

👍45 🎉10 😄1

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.