Home > Software design >  Creating security group "Error revoking default egress rule for Security Group ... The specifie
Creating security group "Error revoking default egress rule for Security Group ... The specifie

Time:03-12

When I attempt to create a security group in Localstack, I get the error:

│ Error: Error revoking default egress rule for Security Group (sg-4f6d23cc257842ce0): InvalidPermission.NotFound: The specified rule does not exist in this security group
│   status code: 400, request id: 7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
│ 
│   with aws_security_group.mysg,
│   on main.tf line 17, in resource "aws_security_group" "mysg":
│   17: resource "aws_security_group" "mysg" {

I am on:

  • Ubuntu 20.04
  • LocalStack: 0.14.0.9
  • Terraform: v1.1.7

I started Localstack with docker-compose -f localstack.yml up and then ran the following commands:

terraform init
terraform fmt
terraform validate
terraform apply

localstack.yml

version: '2.1'

services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
    image: localstack/localstack
    ports:
      - "4566-4599:4566-4599"
      - "${PORT_WEB_UI-8080}:${PORT_WEB_UI-8080}"
    environment:
      - SERVICES=s3,dynamodb,cloudformation,ec2,iam
      - DEBUG=${DEBUG- }
      - DATA_DIR=${DATA_DIR- }
      - PORT_WEB_UI=${PORT_WEB_UI- }
      - LAMBDA_EXECUTOR=${LAMBDA_EXECUTOR- }
      - KINESIS_ERROR_PROBABILITY=${KINESIS_ERROR_PROBABILITY- }
      - DOCKER_HOST=unix:///var/run/docker.sock
      - HOST_TMP_FOLDER=${TMPDIR}
    volumes:
      - "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"

main.tf

provider "aws" {
  region                      = "us-east-1"
  access_key                  = "localstacktest"
  secret_key                  = "localstacktestkey"
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true
  s3_use_path_style           = true
  endpoints {
    ec2 = "http://localhost:4566"
    iam = "http://localhost:4566"
  }
}

# Setup our security group
resource "aws_security_group" "mysg" {
  name   = "allow_ssh"
  vpc_id = var.vpc_id

  ingress {
    description = "Allow inbound ssh traffic"
    cidr_blocks = [var.cidr_block]
    from_port   = var.port
    protocol    = "tcp"
    to_port     = var.port
  }

  tags = {
    name = "allow_ssh"
  }
}

variables.tf

variable "vpc_id" {
  default = "vpc-bc102dc4"
}

variable "port" {
  default = 22
}

variable "cidr_block" {
  default = "0.0.0.0/0"
}

outputs.tf

output "security_group" {
  value = aws_security_group.mysg.id
}

CodePudding user response:

I confirm I can reproduce the issue, and indeed this is due to vpc. Just to create your SG in a default VPC, you can remove the vpc_id = var.vpc_id. Also its good practice to add egress:

resource "aws_security_group" "mysg" {
  name   = "allow_ssh"

  ingress {
    description = "Allow inbound ssh traffic"
    cidr_blocks = [var.cidr_block]
    from_port   = var.port
    protocol    = "tcp"
    to_port     = var.port
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }  

  tags = {
    name = "allow_ssh"
  }
}
  • Related