0
votes

I recently created some new resources with terraform .70, and right after running the apply I ran terraform plan again and it says this needs to happen, but I haven't made any changes to my main.tf file:

security_groups.#: "0" => "1" (forces new resource)
security_groups.2319596366: "" => "sg-8a7679ec" (forces new resource)

I ran terraform apply again (on a test instance) just to see what it would do and it terminates my original AWS ec2 instance server and creates a new one (good thing I didn't do this in production)...

Is this a bug or am I doing something wrong?

2
Terraform thinks you've attached a new security group to your instance in terraform. Did you? - James Woolfenden
Nope, it has been like that for years. I believe AWS changed how they did things, which introduced a bug in terraform. If you read my post you can see I did a plan right after the apply without making changes... - big tone

2 Answers

3
votes

The behaviour of the security_groups attribute (intended for use with non-VPC, classic EC2 security groups) was changed in version 0.6.15; it no longer works properly when used with VPC security groups. You likely need to use the vpc_security_group_ids attribute instead.

1
votes

Looks like .70 fixed a bug with security groups and now I have to specify security groups with vpc_security_group_ids. I replaced security_groups with vpc_security_group_ids and it is not showing any changes are needed now.
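
The change both answers describe, shown as an added example that is not from the original posts. The resource names, variables, instance type and ingress rule are assumptions made for illustration; the syntax is the "${...}" interpolation style used by Terraform 0.7.

```hcl
# Added example: all names and values below are hypothetical.
variable "vpc_id" {}
variable "subnet_id" {}
variable "ami_id" {}

resource "aws_security_group" "web" {
  name   = "web"
  vpc_id = "${var.vpc_id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }
}

# Before: a VPC security group ID passed through security_groups.
# This is the form that produced the plan in the question:
#   security_groups.#: "0" => "1" (forces new resource)
# on every run, so each apply terminated and recreated the instance.
#
# resource "aws_instance" "web" {
#   ami             = "${var.ami_id}"
#   instance_type   = "t2.micro"
#   subnet_id       = "${var.subnet_id}"
#   security_groups = ["${aws_security_group.web.id}"]
# }

# After: the same group attached through vpc_security_group_ids.
resource "aws_instance" "web" {
  ami                    = "${var.ami_id}"
  instance_type          = "t2.micro"
  subnet_id              = "${var.subnet_id}"
  vpc_security_group_ids = ["${aws_security_group.web.id}"]
}
```

After switching attributes, run terraform plan and confirm that no "(forces new resource)" lines remain before applying.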