I'm getting the error below from the command

    AWS_PROFILE=myprofile AWS_REGION=sa-east-1 terraform apply -target=module.saopaulo_service_dev_kubernetes

    Error authorizing security group rule type ingress: InvalidGroup.NotFound: The security group 'sg-something' does not exist

The target I'm applying is as below.

    module "saopaulo_service_dev_kubernetes" {
      source         = "./modules/regional-kubernetes"
      region_code    = "saopaulo"
      vpc_name       = "main"
      env            = "dev"
      cluster_prefix = "service"
      instance_type  = "m5.2xlarge"

      providers = {
        aws = aws.saopaulo
      }
    }

The source file is as below. I didn't add all the files, as there are too many, but just attached the eks module (terraform-aws-modules/eks/aws) I use to create my module.

    data "aws_eks_cluster" "cluster" {
      name = module.eks.cluster_id
    }

    data "aws_eks_cluster_auth" "cluster" {
      name = module.eks.cluster_id
    }

    provider "kubernetes" {
      host                   = data.aws_eks_cluster.cluster.endpoint
      cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
      token                  = data.aws_eks_cluster_auth.cluster.token
      load_config_file       = false
      version                = "~> 1.9"
    }

    module "eks" {
      source                               = "terraform-aws-modules/eks/aws"
      version                              = "12.2.0" # Version Pinning
      cluster_name                         = local.cluster_name
      cluster_version                      = local.cluster_version
      vpc_id                               = local.vpc_id
      subnets                              = local.private_subnets
      cluster_enabled_log_types            = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
      worker_additional_security_group_ids = [aws_security_group.nodeport.id, data.aws_security_group.common_eks_sg.id]
      wait_for_cluster_cmd                 = "for i in `seq 1 60`; do curl -k -s $ENDPOINT/healthz >/dev/null && exit 0 || true; sleep 5; done; echo TIMEOUT && exit 1"

      worker_groups = concat([{
        instance_type = "t3.micro"
        asg_min_size  = "1"
        asg_max_size  = var.asg_max_size
        key_name      = "shared-backdoor"
        kubelet_extra_args = join(" ", [
          "--node-labels=app=nodeport",
          "--register-with-taints=dedicated=nodeport:NoSchedule"
        ])
        pre_userdata = file("${path.module}/pre_userdata.sh")
        tags = concat([for k, v in local.common_tags : {
          key                 = k
          value               = v
          propagate_at_launch = "true"
          }], [{
          key                 = "Role"
          value               = "nodeport"
          propagate_at_launch = "true"
        }])
      }], local.worker_group)

      map_users = local.allow_user
      # map_roles = local.allow_roles[var.env]
    }

I have a security group named sg-something in the sa-east-1 region, and have also checked that I'm running terraform apply in the correct region by checking

    data "aws_region" "current" {}

    output my_region {
      value = data.aws_region.current.name
    }

Any suggestions?
Question from: https://stackoverflow.com/questions/65912709/invalidgroup-notfound-error-in-terraform-but-security-group-exists