Tags: amazon-web-services, terraform, aws-security-group, terraform-provider-aws

self-reference not allowed in Security Group definition


I am trying to create an sg with Terraform.

I want all instances of a particular SG to have all communication allowed among them, so I am adding the SG itself to the ingress rules as follows:

resource "aws_security_group" "rancher-server-sg" {
  vpc_id      = "${aws_vpc.rancher-vpc.id}"
  name        = "rancher-server-sg"
  description = "security group for rancher server"

  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    # the group refers to its own id from inside its own definition
    security_groups = ["${aws_security_group.rancher-server-sg.id}"]
  }
}

However when running terraform plan, I get:


However, in the AWS console, I am allowed to add an SG name in the inbound rules and I see that I can add the group itself (i.e. self-referenced).

Why is that?

I have also tried this without success:

security_groups = ["${self.id}"]

Solution

  • Citing the manual:

    self - (Optional) If true, the security group itself will be added as a source to this ingress rule.

      ingress {
          from_port = 0
          to_port   = 0
          protocol  = "-1"
          # adds this security group as the source, with no reference to its own id
          self      = true
      }
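A fuller version of the same idea, as an added example that is neither the asker's nor the answerer's code, written in current (0.12+) Terraform syntax; the VPC and group names are assumed. It also shows the standalone aws_security_group_rule form, which can reference the group's own id as the source without a cycle because the rule is a separate resource, and narrows that rule to one port so only the intended service is reachable inside the group.

```hcl
# Added example (not from the question or answer): two ways to allow traffic
# between members of one security group without a self-referencing cycle.
# Resource names (app_vpc, app_sg, db_sg) are assumed.

# Form 1: inline ingress block with self = true. The rule is created together
# with the group, so no reference to the group's own id is needed.
# No egress block is given: Terraform strips AWS's default allow-all egress
# rule, so outbound traffic stays denied until a rule is added deliberately.
resource "aws_security_group" "app_sg" {
  name        = "app-sg"
  description = "app tier, intra-group traffic only"
  vpc_id      = aws_vpc.app_vpc.id

  ingress {
    description = "all traffic from members of this group"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = true
  }
}

# Form 2: a standalone aws_security_group_rule. Being a separate resource it
# may use the group's id as both target and source without a dependency cycle.
# Do not mix standalone rules with inline ingress/egress blocks on the same
# group, or the two will overwrite each other's rule set on every apply.
resource "aws_security_group" "db_sg" {
  name        = "db-sg"
  description = "db tier, rules managed as separate resources"
  vpc_id      = aws_vpc.app_vpc.id
}

resource "aws_security_group_rule" "db_sg_internal_5432" {
  type                     = "ingress"
  description              = "postgres from members of this group"
  security_group_id        = aws_security_group.db_sg.id
  source_security_group_id = aws_security_group.db_sg.id
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
}
```

`terraform plan` on either form completes without the cycle error because nothing inside the group's own block depends on the group's id.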