Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


InvalidGroup.NotFound error in Terraform, but security group exists

I’m getting the error below from the command AWS_PROFILE=myprofile AWS_REGION=sa-east-1 terraform apply -target=module.saopaulo_service_dev_kubernetes.

Error authorizing security group rule type ingress: InvalidGroup.NotFound: The security group ‘sg-something’ does not exist

The target I'm applying is as below.

module "saopaulo_service_dev_kubernetes" {
  source = "./modules/regional-kubernetes"

  region_code    = "saopaulo"
  vpc_name       = "main"
  env            = "dev"
  cluster_prefix = "service"

  instance_type = "m5.2xlarge"

  providers = {
    aws = aws.saopaulo
  }
}

The source file is as below. I didn't add all the files, as there are too many, but just attached the eks module (terraform-aws-modules/eks/aws) I use to create my module.

data "aws_eks_cluster" "cluster" {
  name = module.eks.cluster_id
}

data "aws_eks_cluster_auth" "cluster" {
  name = module.eks.cluster_id
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
  load_config_file       = false
  version                = "~> 1.9"
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "12.2.0" # Version Pinning

  cluster_name    = local.cluster_name
  cluster_version = local.cluster_version
  vpc_id          = local.vpc_id
  subnets         = local.private_subnets

  cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

  worker_additional_security_group_ids = [aws_security_group.nodeport.id, data.aws_security_group.common_eks_sg.id]

  wait_for_cluster_cmd = "for i in `seq 1 60`; do curl -k -s $ENDPOINT/healthz >/dev/null && exit 0 || true; sleep 5; done; echo TIMEOUT && exit 1"

  worker_groups = concat([{
    instance_type = "t3.micro"

    asg_min_size = "1"
    asg_max_size = var.asg_max_size

    key_name = "shared-backdoor"

    kubelet_extra_args = join(" ", [
      "--node-labels=app=nodeport",
      "--register-with-taints=dedicated=nodeport:NoSchedule"
    ])

    pre_userdata = file("${path.module}/pre_userdata.sh")

    tags = concat([for k, v in local.common_tags : {
      key                 = k
      value               = v
      propagate_at_launch = "true"
      }], [{
      key                 = "Role"
      value               = "nodeport"
      propagate_at_launch = "true"
    }])

  }], local.worker_group)

  map_users = local.allow_user
  # map_roles = local.allow_roles[var.env]
}

I have a security group named sg-something in the sa-east-1 region, and have also checked that I’m running terraform apply in the correct region by checking:

data "aws_region" "current" {}
output my_region {
  value = data.aws_region.current.name
}

Any suggestions?

question from:https://stackoverflow.com/questions/65912709/invalidgroup-notfound-error-in-terraform-but-security-group-exists
