An infrastructure update with Terraform failed with the following error:

... Error applying plan: 1 error(s) occurred: * aws_security_group.api_ec2: Error authorizing security group ingress rules: InvalidGroupId.Malformed: Invalid id: "0" (expecting "sg-...") status code: 400, request id: f761e22f-9773-413e-af57-a13632569604 ...
Search the log for the modifications made to the aws_security_group.api_ec2 resource and look at the security_groups entries:

... aws_security_group.api_ec2: Modifying...
egress.#: "6" => "9"
egress.1163740523.cidr_blocks.#: "0" => "1"
egress.1163740523.cidr_blocks.0: "" => "0.0.0.0/0"
...
egress.2485695960.security_groups.#: "0" => "0"
egress.2485695960.self: "false" => "false"
egress.2485695960.to_port: "8083" => "8083"
egress.3464463693.cidr_blocks.#: "0" => "0"
egress.3464463693.from_port: "" => "587"
egress.3464463693.prefix_list_ids.#: "0" => "0"
egress.3464463693.protocol: "" => "tcp"
egress.3464463693.security_groups.#: "0" => "1"
egress.3464463693.security_groups.1080289494: "" => "0.0.0.0/0"
egress.3464463693.self: "" => "false"
egress.3464463693.to_port: "" => "587"
egress.516175195.cidr_blocks.#: "1" => "1"
egress.516175195.cidr_blocks.0: "0.0.0.0/0" => "0.0.0.0/0"
...
ingress.3098991785.cidr_blocks.#: "2" => "2"
ingress.3098991785.cidr_blocks.0: "10.4.0.0/24" => "10.4.0.0/24"
ingress.3098991785.cidr_blocks.1: "10.4.1.0/24" => "10.4.1.0/24"
ingress.3098991785.from_port: "9999" => "9999"
ingress.3098991785.protocol: "tcp" => "tcp"
ingress.3098991785.security_groups.#: "0" => "0"
ingress.3098991785.self: "false" => "false"
ingress.3098991785.to_port: "9999" => "9999"
...
ingress.4120336657.self: "false" => "false"
ingress.4120336657.to_port: "8080" => "8080"
...
Here is where the problem comes from: security_groups is being assigned a CIDR block instead of a Security Group ID, which the EC2 API rejects with the InvalidGroupId.Malformed error above:
... egress.3464463693.security_groups.1080289494: "" => "0.0.0.0/0" ...
Check the aws_security_group resource template for EC2, and there is the error itself:

...
# Allow SMTP to US-WEST
egress {
  from_port       = 587
  to_port         = 587
  protocol        = "tcp"
  security_groups = ["0.0.0.0/0"]
}
...
I copied it from another rule and didn't replace security_groups with cidr_blocks.
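A mistake like this only surfaces when the API rejects the plan at apply time. The following is an added example (not code from the post): a small pre-apply check that scans literal values in security_groups and cidr_blocks lists inside Terraform HCL and flags a CIDR (or anything that is not an sg-... id) where a group id is expected, plus malformed CIDRs. The SAMPLE_HCL text is constructed for the example and reproduces the buggy egress rule next to its corrected form.

```python
import ipaddress
import re

# Constructed sample (not the post's real file): the buggy egress rule from the
# post next to its corrected form.
SAMPLE_HCL = """
resource "aws_security_group" "api_ec2" {
  # Allow SMTP to US-WEST (buggy: a CIDR where a group id is expected)
  egress {
    from_port       = 587
    to_port         = 587
    protocol        = "tcp"
    security_groups = ["0.0.0.0/0"]
  }
  # Corrected rule
  egress {
    from_port   = 587
    to_port     = 587
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
"""

SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")
# Quoted string literals inside security_groups = [...] / cidr_blocks = [...]
ATTR_LIST_RE = re.compile(r"(security_groups|cidr_blocks)\s*=\s*\[([^\]]*)\]")


def check_sg_rules(hcl_text):
    """Return (attribute, value, problem) tuples for literal values that the
    EC2 API would reject at apply time. Interpolations such as
    "${aws_security_group.x.id}" are not literals and are skipped."""
    findings = []
    for m in ATTR_LIST_RE.finditer(hcl_text):
        attr, body = m.group(1), m.group(2)
        for value in re.findall(r'"([^"]*)"', body):
            if value.startswith("${"):
                continue
            if attr == "security_groups" and not SG_ID_RE.match(value):
                findings.append((attr, value, "expected a security group id (sg-...)"))
            elif attr == "cidr_blocks":
                try:
                    ipaddress.ip_network(value)
                except ValueError:
                    findings.append((attr, value, "not a valid CIDR block"))
    return findings


if __name__ == "__main__":
    for attr, value, problem in check_sg_rules(SAMPLE_HCL):
        print(f"{attr} = {value!r}: {problem}")
```

Run it against the module's .tf files before terraform apply; the buggy rule is reported while the corrected one passes.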
More about aws_security_group – here>>>.