Creating security group "Error revoking default egress rule for Security Group ... The specified rule does not exist in this security group"


Question

When I try to create a security group in LocalStack, I get this error:

│ Error: Error revoking default egress rule for Security Group (sg-4f6d23cc257842ce0): InvalidPermission.NotFound: The specified rule does not exist in this security group
│   status code: 400, request id: 7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
│ 
│   with aws_security_group.mysg,
│   on main.tf line 17, in resource "aws_security_group" "mysg":
│   17: resource "aws_security_group" "mysg" {

I am on:

  • Ubuntu 20.04
  • LocalStack: 0.14.0.9
  • Terraform: v1.1.7

I started LocalStack with docker-compose -f localstack.yml up and then ran the following commands:

terraform init
terraform fmt
terraform validate
terraform apply

localstack.yml

version: '2.1'

services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
    image: localstack/localstack
    ports:
      - "4566-4599:4566-4599"
      - "${PORT_WEB_UI-8080}:${PORT_WEB_UI-8080}"
    environment:
      - SERVICES=s3,dynamodb,cloudformation,ec2,iam
      - DEBUG=${DEBUG- }
      - DATA_DIR=${DATA_DIR- }
      - PORT_WEB_UI=${PORT_WEB_UI- }
      - LAMBDA_EXECUTOR=${LAMBDA_EXECUTOR- }
      - KINESIS_ERROR_PROBABILITY=${KINESIS_ERROR_PROBABILITY- }
      - DOCKER_HOST=unix:///var/run/docker.sock
      - HOST_TMP_FOLDER=${TMPDIR}
    volumes:
      - "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"

main.tf

provider "aws" {
  region                      = "us-east-1"
  access_key                  = "localstacktest"
  secret_key                  = "localstacktestkey"
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true
  s3_use_path_style           = true
  endpoints {
    ec2 = "http://localhost:4566"
    iam = "http://localhost:4566"
  }
}

# Setup our security group
resource "aws_security_group" "mysg" {
  name   = "allow_ssh"
  vpc_id = var.vpc_id

  ingress {
    description = "Allow inbound ssh traffic"
    cidr_blocks = [var.cidr_block]
    from_port   = var.port
    protocol    = "tcp"
    to_port     = var.port
  }

  tags = {
    name = "allow_ssh"
  }
}

variables.tf

variable "vpc_id" {
  default = "vpc-bc102dc4"
}

variable "port" {
  default = 22
}

variable "cidr_block" {
  default = "0.0.0.0/0"
}

outputs.tf

output "security_group" {
  value = aws_security_group.mysg.id
}

Accepted answer

I can confirm the problem reproduces, and it is indeed caused by the vpc. Just create your SG in the default private network by removing vpc_id = var.vpc_id. Adding an egress block is also good practice:

resource "aws_security_group" "mysg" {
  name   = "allow_ssh"

  ingress {
    description = "Allow inbound ssh traffic"
    cidr_blocks = [var.cidr_block]
    from_port   = var.port
    protocol    = "tcp"
    to_port     = var.port
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }  

  tags = {
    name = "allow_ssh"
  }
}
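As an added check that is not part of the question or the answer: a small Python audit that reads a security group in the shape EC2 DescribeSecurityGroups returns (the same shape LocalStack serves) and reports admin ports open to the world and the group's egress posture. SAMPLE_SG and the function names are constructed for this example; the sample mirrors the answer's allow_ssh group, where var.cidr_block defaults to 0.0.0.0/0 and egress is allow-all.

```python
# Audit one EC2 DescribeSecurityGroups entry (hypothetical helper, not from
# the question or answer). SAMPLE_SG is constructed to mirror the answer's
# "allow_ssh" group: SSH from 0.0.0.0/0 plus an explicit allow-all egress.
WORLD = {"0.0.0.0/0", "::/0"}


def _cidrs(perm: dict) -> set[str]:
    """Collect the IPv4 and IPv6 CIDRs of one IpPermissions entry."""
    v4 = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    v6 = {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    return v4 | v6


def _covers_port(perm: dict, port: int) -> bool:
    """True if the rule matches the given TCP port (or all protocols)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_security_group(sg: dict, admin_ports=(22, 3389)) -> list[str]:
    """Return findings for a group: world-open admin ports and egress posture."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        exposed = sorted(_cidrs(perm) & WORLD)
        for port in admin_ports:
            if exposed and _covers_port(perm, port):
                findings.append(f"ingress: port {port} open to {exposed}")
    egress = sg.get("IpPermissionsEgress", [])
    if not egress:
        findings.append("egress: no rules, all outbound traffic is blocked")
    for perm in egress:
        if perm.get("IpProtocol") == "-1" and _cidrs(perm) & WORLD:
            findings.append("egress: all traffic to anywhere (the AWS default)")
    return findings


# Constructed sample shaped like the group the answer's main.tf creates.
SAMPLE_SG = {
    "GroupId": "sg-EXAMPLE", "GroupName": "allow_ssh",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
}

if __name__ == "__main__":
    print("\n".join(audit_security_group(SAMPLE_SG)))
```

Against a running LocalStack the same function can be fed the output of `aws --endpoint-url http://localhost:4566 ec2 describe-security-groups`, which also makes visible whether the emulator kept or dropped the default egress rule Terraform tried to revoke.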
