Currently if you add a security group in AWS terraform reports the following and a new resource is forced.
security_groups.#: "1" => "2" (forces new resource)
security_groups.3297643359: "sg-XXX" => "sg-XXX" (forces new resource)
security_groups.966748175: "" => "sg-XXX" (forces new resource)
It would be nice to be able to add a security group to a list of security groups (not changing any existing SG's) without having to recreate the server.
If you are using ec2 classic then that is the only way to apply additional SGs. If you are on VPC then this is definitely a modification I would like to see to terraform since AWS VPC allows you to add/remove SGs on the fly.
Yes sorry, forgot to mention this was for a VPC.
This is another bug reported somewhere. We're close to finally fixing this but please track that bug.
@mitchellh can that issue be referenced here? This bug seems to occur as of v0.6.8. I have an existing `aws_instance` resource with 1 security group under `security_groups`, and when I try to add a second one it tells me that the existing `aws_instance` resource will be deleted because the additional security group forces new resource.
Hello @cleung2010 – for instances in a VPC, use `vpc_security_group_ids` instead of regular `security_groups`. Using the `vpc_` version will allow you to add/remove security groups without recreating the instance.
Thanks!
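The change described in the answer above, as an added example that is not part of the original thread. It assumes Terraform 0.12+ syntax; the variable names, resource names, CIDR and instance type are constructed placeholders.

```hcl
# Added example: all names and values below are placeholders.
variable "vpc_id" {}
variable "subnet_id" {}
variable "ami_id" {}

resource "aws_security_group" "base" {
  name   = "base"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"] # constructed internal range
  }
}

resource "aws_security_group" "extra" {
  name   = "extra"
  vpc_id = var.vpc_id
}

# Before: with security_groups, adding a second group to the list
# is planned as "forces new resource", as in the plan output quoted
# at the top of this thread.
resource "aws_instance" "before" {
  ami             = var.ami_id
  instance_type   = "t3.micro"
  subnet_id       = var.subnet_id
  security_groups = [aws_security_group.base.id]
}

# After: for an instance in a VPC, list the group IDs under
# vpc_security_group_ids. Adding or removing an entry is then
# applied to the running instance without recreating it.
resource "aws_instance" "after" {
  ami           = var.ami_id
  instance_type = "t3.micro"
  subnet_id     = var.subnet_id

  vpc_security_group_ids = [
    aws_security_group.base.id,
    aws_security_group.extra.id,
  ]
}
```

After switching attributes, review `terraform plan` before applying and confirm the instance is listed as an in-place update rather than a replacement.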
Sorry for the noise, but just wanted to say thanks so much for this. I've been banging my head as all my instances have been being force-recreated. I missed it in the docs. Terraform rawks.
Thanks! It helped a lot for a beginner in Terraform like me :)
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.