I have a rule for a security group that includes the following code.
```hcl
ingress {
  description = "1984 from xymon client"
  from_port   = local.xymon_port
  to_port     = local.xymon_port
  protocol    = local.tcp_proto
  cidr_blocks = var.xymon_clients_cidr
}
```
The variable just contains a number of CIDR ranges coded as `"xxx.xxx.xxx.0/24"`, `"xxx.xxx.xxx.0/24"`, etc.
When I add an extra CIDR range to the variable and run `terraform plan` it comes up with:

```
No changes. Your infrastructure matches the configuration.
```

The only way I can apply the change is to manually update it on AWS and then run:

```
terraform apply -refresh-only
```

Is there a better way I can code this so it will recognise the updates?
It appears this was an ID 10 T error. There was a lifecycle rule and in there was a single line saying
```hcl
ignore_changes = [ingress]
```
I didn’t originally write this code and I just hadn’t scrolled down far enough to see this bit.
I think this was added because a `terraform plan` was always wanting to change this security group even when there were no changes, and this was an easy fix. I have now changed the code so the ingress rules are applied by a `security_group_rule` and not directly in the security group, which has allowed me to remove the ignore and get expected behaviour when doing a `terraform plan`.
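A before/after layout of the fix described in the answer above, as an added example and not the poster's own code. It assumes the thread's names (`local.xymon_port`, `local.tcp_proto`, `var.xymon_clients_cidr`), an assumed `var.vpc_id`, and a `variable` declaration that would replace the existing one so an input check can be attached to the CIDR list.

```hcl
# Added example, not the poster's code. Assumes the thread's names
# (local.xymon_port, local.tcp_proto, var.xymon_clients_cidr) and a var.vpc_id.

variable "xymon_clients_cidr" {
  type = list(string)
  # Reject entries that are not CIDR notation before they reach AWS.
  validation {
    condition     = alltrue([for c in var.xymon_clients_cidr : can(cidrnetmask(c))])
    error_message = "Every entry in xymon_clients_cidr must be an IPv4 CIDR."
  }
}

# Before: inline ingress plus ignore_changes. A new CIDR in the variable
# yields "No changes" because the whole ingress attribute is ignored.
resource "aws_security_group" "xymon_before" {
  name   = "xymon-before"
  vpc_id = var.vpc_id

  ingress {
    description = "1984 from xymon client"
    from_port   = local.xymon_port
    to_port     = local.xymon_port
    protocol    = local.tcp_proto
    cidr_blocks = var.xymon_clients_cidr
  }

  lifecycle {
    ignore_changes = [ingress]
  }
}

# After: no inline rules on the group, the rule is its own resource and the
# lifecycle block is gone, so a changed CIDR list appears in terraform plan.
resource "aws_security_group" "xymon" {
  name   = "xymon"
  vpc_id = var.vpc_id
}

resource "aws_security_group_rule" "xymon_ingress" {
  type              = "ingress"
  description       = "1984 from xymon client"
  from_port         = local.xymon_port
  to_port           = local.xymon_port
  protocol          = local.tcp_proto
  cidr_blocks       = var.xymon_clients_cidr
  security_group_id = aws_security_group.xymon.id
}
```

Do not leave any inline `ingress` blocks on a group that also has `aws_security_group_rule` resources attached: the two manage the same rule set and each plan will try to undo the other, which is the perpetual diff the `ignore_changes` was masking.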