A duplicate Security Group rule was found after second apply #25965

Closed
haarchri opened this issue Jul 24, 2022 · 6 comments
Labels
service/vpc Issues and PRs that pertain to the vpc service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.

Comments

@haarchri
Contributor

haarchri commented Jul 24, 2022

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform Version 1.0.5
Provider AWS 3.56.0 also tested 4.22.0 same effect

Affected Resource(s)

  • aws_security_group_rule

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

cat main.tf.json
{
    "provider": {
        "aws": {
            "access_key": "xx",
            "region": "eu-central-1",
            "secret_key": "xx",
            "token": "xx"
        }
    },
    "resource": {
        "aws_security_group_rule": {
            "test": {
                "cidr_blocks": [
                    "10.0.0.0/24",
                    "192.168.64.11/32",
                    "192.168.28.11/32",
                    "192.168.192.11/32"
                ],
                "description": "test",
                "from_port": 443,
                "lifecycle": {
                    "prevent_destroy": true
                },
                "protocol": "tcp",
                "security_group_id": "sg-082c7e99a0e4ffcaa",
                "to_port": 443,
                "type": "ingress"
            }
        }
    },
    "terraform": {
        "required_providers": {
            "aws": {
                "source": "hashicorp/aws",
                "version": "3.56.0"
            }
        }
    }
}

cat terraform.tfstate
{
  "version": 4,
  "terraform_version": "1.0.5",
  "serial": 12,
  "lineage": "a1092ece-ceab-4541-9760-47809743155a",
  "outputs": {},
  "resources": []
}

cat terraform.tfstate.backup 
{
  "version": 4,
  "terraform_version": "1.0.5",
  "serial": 11,
  "lineage": "a1092ece-ceab-4541-9760-47809743155a",
  "outputs": {},
  "resources": [
    {
      "mode": "managed",
      "type": "aws_security_group_rule",
      "name": "test",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 2,
          "attributes": {
            "cidr_blocks": [
              "10.0.0.0/24",
              "192.168.64.11/32",
              "192.168.28.11/32",
              "192.168.192.11/32"
            ],
            "description": "test",
            "from_port": 443,
            "id": "sgrule-837740959",
            "ipv6_cidr_blocks": [],
            "prefix_list_ids": [],
            "protocol": "tcp",
            "security_group_id": "sg-082c7e99a0e4ffcaa",
            "self": false,
            "source_security_group_id": null,
            "to_port": 443,
            "type": "ingress"
          },
          "sensitive_attributes": [],
          "private": "xxxxx"
        }
      ]
    }
  ]
}

Debug Output

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

  1. terraform plan
  2. terraform apply
  3. terraform plan
  4. terraform apply --> Error
create failed: cannot apply: apply failed: [WARN] A duplicate Security Group rule was found on (sg-082c7e99a0e4ffcaa). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 10.0.0.0/24, TCP, from port: 443, to port: 443, ALLOW" already exists
             status code: 400, request id: a16e81e3-1ea6-47d6-ac08-ec722f2ec2d6: : File name: main.tf.json

Important Factoids

References

  • #0000
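
In the files posted above, the backup state (serial 11) tracks `aws_security_group_rule.test` while the current state (serial 12) has an empty `resources` list. The following is an added example, not code from the issue or from the provider: it lists the security group rule peers that a newer state file no longer tracks, so they can be compared with what the security group actually contains. The function names are hypothetical, the inputs are constructed from the two posted files, and the state v4 fields used (`lineage`, `serial`, `index_key`) are assumed to be laid out as in those files.

```python
import json

# Constructed inputs: the two state files from the issue, trimmed to the fields used here.
PREVIOUS = json.loads("""
{"version": 4, "serial": 11, "lineage": "a1092ece-ceab-4541-9760-47809743155a",
 "resources": [{"mode": "managed", "type": "aws_security_group_rule", "name": "test",
  "instances": [{"attributes": {"id": "sgrule-837740959",
   "security_group_id": "sg-082c7e99a0e4ffcaa", "type": "ingress", "protocol": "tcp",
   "from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/24",
   "192.168.64.11/32", "192.168.28.11/32", "192.168.192.11/32"]}}]}]}""")
CURRENT = json.loads("""
{"version": 4, "serial": 12, "lineage": "a1092ece-ceab-4541-9760-47809743155a",
 "resources": []}""")

def instances(state):
    """Map resource address -> attributes for every managed instance in a v4 state."""
    found = {}
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue
        for inst in res.get("instances", []):
            addr = f'{res["type"]}.{res["name"]}'
            if "index_key" in inst:  # instances created with count / for_each
                addr += f'[{json.dumps(inst["index_key"])}]'
            found[addr] = inst.get("attributes", {})
    return found

def dropped(previous, current):
    """Instances tracked in `previous` that the newer `current` state no longer tracks."""
    if previous["lineage"] != current["lineage"]:
        raise ValueError("state files belong to different lineages")
    if current["serial"] <= previous["serial"]:
        raise ValueError("`current` is not newer than `previous`")
    now = instances(current)
    return {a: attrs for a, attrs in instances(previous).items() if a not in now}

def untracked_peers(previous, current):
    """One line per CIDR of each dropped aws_security_group_rule, for checking against AWS."""
    lines = []
    for addr, a in sorted(dropped(previous, current).items()):
        if not addr.startswith("aws_security_group_rule."):
            continue
        for cidr in a.get("cidr_blocks") or []:
            lines.append(f'{a["security_group_id"]} {a["type"]} {a["protocol"]} '
                         f'{a["from_port"]}-{a["to_port"]} {cidr} (was {addr})')
    return lines

if __name__ == "__main__":
    print("\n".join(untracked_peers(PREVIOUS, CURRENT)))
```
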
@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/vpc Issues and PRs that pertain to the vpc service. labels Jul 24, 2022
@justinretzolk
Member

Hey @haarchri 👋 Thank you for taking the time to raise this! So that we have all of the necessary information in order to look into this, can you supply the Terraform and AWS Provider versions you're using as well?

@justinretzolk justinretzolk added waiting-response Maintainers are waiting on response from community or contributor. and removed needs-triage Waiting for first response or review from a maintainer. labels Jul 25, 2022
@haarchri
Contributor Author

Both are in my issue, in the files I added.

@github-actions github-actions bot removed the waiting-response Maintainers are waiting on response from community or contributor. label Jul 25, 2022
@haarchri
Contributor Author

@justinretzolk any idea?

@haarchri
Contributor Author

Looks like the same issue

#26021


Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale Old or inactive issues managed by automation, if no further action taken these will get closed. label Jul 31, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 30, 2024

github-actions bot commented Oct 1, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 1, 2024