terraform > forces new resource on security group

Question

I've got a very simple piece of Terraform code:

provider "aws" {
  region = "eu-west-1"
}

module ec2 {
  source = "./ec2_instance"
  name = "EC2 Instance 1"
}

where the module is:

variable "name" {
    default = "Default Name from ec2_instance.tf"
}

resource "aws_instance" "example" {
  ami = "ami-e5083683"
  instance_type = "t2.nano"
  subnet_id = "subnet-3e976259"
  associate_public_ip_address = true
  security_groups = [ "sg-7310e10b" ]
  tags {
    Name = "${var.name}"
  }
}

When I first run it I get this output:

security_groups.#:            "" => "1"
security_groups.1642973399:   "" => "sg-7310e10b"

However, the next time I try a plan I get:

  security_groups.#:            "0" => "1" (forces new resource)
  security_groups.1642973399:   "" => "sg-7310e10b" (forces new resource)

What gives?!

Note that you are mixing up default and description on your variable. — Markus
What version of Terraform and the AWS provider are you running? Also you should really be using vpc_security_group_ids instead of security_groups when creating instances inside a VPC. See the docs for this: terraform.io/docs/providers/aws/r/instance.html#security_groups — ydaetskcoR

Don Don · Accepted Answer · 2018-07-30T03:55:51

You are incorrectly assigning a vpc_security_group_id into security_groups, instead of into vpc_security_group_ids.

Change

security_groups = [ "sg-7310e10b" ]

to

vpc_security_group_ids = [ "sg-7310e10b" ]

and everything will be ok.

terraform > forces new resource on security group

1 Answers